From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id B45834DD30
	for <ffmpegdev@gitmailbox.com>; Wed,  4 Jun 2025 17:02:39 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 70E5368D73E;
	Wed,  4 Jun 2025 20:02:36 +0300 (EEST)
Received: from mail-vk1-f179.google.com (mail-vk1-f179.google.com
 [209.85.221.179])
 by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 7326A68CA56
 for <ffmpeg-devel@ffmpeg.org>; Wed,  4 Jun 2025 20:02:30 +0300 (EEST)
Received: by mail-vk1-f179.google.com with SMTP id
 71dfb90a1353d-52f22008b6aso25439e0c.1
 for <ffmpeg-devel@ffmpeg.org>; Wed, 04 Jun 2025 10:02:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1749056548; x=1749661348; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:message-id:date:subject:to
 :from:from:to:cc:subject:date:message-id:reply-to;
 bh=O3soMW0Fr/rlod99lQE3wwM5W2lle6ksxKejSTvYkvg=;
 b=Udcojr2yPbAmY5ZDHx52CIPM7YRpKVZlb4yOWxB6DZNk7ssPM0bQ3SiLOYrOiwLmoP
 t1xZqz4fRvg3p5xV9a1IBJ1znilfXxx/xjfwXDO3TGJVsS6uXtNg8UqRflvROJRvB5e5
 GSGxZs5BL4fOps5YSapLx3KMxw/JyJuFLaSIX/be5gR2nS7u5ZrGow3Dky2IA/BYjk6e
 RMQVxsuEgFyNUqB+AAVMQYFNilmL3t4/7VDyrmfcUXsa4gwsyrHDc7dwH36kWBP6cmms
 csz/AImmxH76Zz8cEkiBvGaj7QofUzsDb432UXUAvOJVjX+Zj0OpVKQ9h2BOvfjBZskH
 ybdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1749056548; x=1749661348;
 h=content-transfer-encoding:mime-version:message-id:date:subject:to
 :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=O3soMW0Fr/rlod99lQE3wwM5W2lle6ksxKejSTvYkvg=;
 b=dxGRGp2TAzQhuTLbXBADfe4JkwhGpKqAvO9vsOVcFZsWhAxLXPj6fCMFjQSSOJz+Tg
 qNG0aLZaDcnj9n0KDYAo2MBO/BtqiR5FHavK5tWmlqOSobGs+G7vZqLP88yCKP5xb9qk
 ZhVl6o6BeJZAr5+Qu88oegPIfNwMvDB3iJJEwRqQ5anupCwNl0Zdnmn9NVkKRukpMKaN
 Lm+0HCxAy0WtGWLDPL5r9vzrh8t+rgBOq4iVwqljuoS0mCRBD4yzXN6qHw0qlC8JQN1I
 e65vT3FvpFusLZ06bSM1z3byhmTRMIy1HwkVG+lq/l7EVuPdxLdnjNoqx8Y/imG5AHKW
 Ze9g==
X-Gm-Message-State: AOJu0Yxpae8ZcHk0wtsbbMNZXjMO4ZBBTA8moCgDRldZYZ4qYW9ENbcV
 Q7hvdg9xahrnT0vM2RV9zh+4++OAzKPvBqf9oMKG2jmDfdw6s44vbl5HJUK2XA==
X-Gm-Gg: ASbGncuxvvjD+YoKaTQK5e5rQU7W+HCsDfDj5cb4wt+hl1p9QKdEczY9rINPc4tFYzd
 pFSFDgImYytWyQ/HjJkE+5p1UPpOdFu2CeUmaPKamyggyVucVLk0Zj5sATfrxjEkGEp/5ztuMjl
 7iwx3noUJHFRx16KgLzyx+zyTvXlBUKkPEhobQiyKe1iAhpXxUdQQOo4bfFdmpgFsFIWImhDZ9l
 x0a6IaxTntdyt5Q2ozWGoWTEKru6mJ7emR+4/Lg/9z5yzYnAAxdLb8patLald6I3LcuMiQubyO5
 +I0xZPIB/vVvQjUdUC8bS0+fHbI5/lpL5M1n0oI8NDdP+xgOgwjEsYhbc95r7yYCE+ekxmM=
X-Google-Smtp-Source: AGHT+IGyksP4i1ztzQxDZ7zSCKcBHOlNv5fmJEJyWwTGNgFB6p423+LEVW4KroRTeyd7O49JNfyDbg==
X-Received: by 2002:a05:6122:32c2:b0:530:727f:a7b7 with SMTP id
 71dfb90a1353d-530c738fb47mr3388282e0c.11.1749056548171; 
 Wed, 04 Jun 2025 10:02:28 -0700 (PDT)
Received: from localhost.localdomain ([2800:2121:b000:82e:8578:fba4:20a9:7d9f])
 by smtp.gmail.com with ESMTPSA id
 71dfb90a1353d-53074c32303sm11347932e0c.45.2025.06.04.10.02.27
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 04 Jun 2025 10:02:27 -0700 (PDT)
From: James Almer <jamrial@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Wed,  4 Jun 2025 14:02:15 -0300
Message-ID: <20250604170215.1336-1-jamrial@gmail.com>
X-Mailer: git-send-email 2.49.0
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH] avformat/mov: add more sanity checks when
 reading clap boxes
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20250604170215.1336-1-jamrial@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

If the apperture window is bigger than the canvas, then the clap box is invalid
and there's no point calculating cropping values.

Fixes: libavformat/mov.c:1295:14: runtime error: -256 is outside the range of representable values of type 'unsigned long'

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavformat/mov.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 8a094b1ea0..1890fcb280 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1277,6 +1277,11 @@ static int mov_read_clap(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         err = AVERROR_INVALIDDATA;
         goto fail;
     }
+    if ((av_cmp_q((AVRational) { width,  1 }, aperture_width)  < 0) ||
+        (av_cmp_q((AVRational) { height, 1 }, aperture_height) < 0)) {
+        err = AVERROR_INVALIDDATA;
+        goto fail;
+    }
     av_log(c->fc, AV_LOG_TRACE, "clap: apertureWidth %d/%d, apertureHeight %d/%d "
                                 "horizOff %d/%d vertOff %d/%d\n",
            aperture_width.num, aperture_width.den, aperture_height.num, aperture_height.den,
-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".