From: Sanjay Jangid Resent-From: Sanjay Jangid Date: Wed, 30 Jul 2025 17:02:16 +0530 Resent-Date: Wed, 30 Jul 2025 17:10:30 +0530 Message-Id: <58B165F0-8252-41E3-BDE4-39909079EAD6@gmail.com> Resent-To: ffmpeg-devel@ffmpeg.org To: ffmpeg-devel@ffmpeg.org X-Mailer: Apple Mail (2.3818.100.11.1.3) Subject: [FFmpeg-devel] [PATCH] avformat/mov: prevent excessive allocation in mov_read_udta_string X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Resent-Message-Id: <20250730114052.1A05D68C363@ffbox0-bg.ffmpeg.org> Archived-At: List-Archive: List-Post: Signed-off-by: Sanjay Jangid --- libavformat/mov.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index c935bbf..725a9fa 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -459,6 +459,10 @@ retry: data_type = avio_rb32(pb); // type avio_rb32(pb); // unknown str_size = data_size - 16; + if (str_size >= INT_MAX / 2) { + av_log(c->fc, AV_LOG_ERROR, "str_size is too large\n"); + return AVERROR_INVALIDDATA; + } atom.size -= 16; if (!key && c->found_hdlr_mdta && c->meta_keys) { -- 2.50.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
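Review bot: The new `if (str_size >= INT_MAX / 2)` check, placed right after `str_size = data_size - 16;`, bounds the length by a fixed constant rather than by the data actually present, so with a 32-bit int a file can still declare a string of just under 1 GiB and pass. Since `atom.size -= 16` follows immediately, comparing `str_size` against the remaining `atom.size` would tie the limit to the enclosing atom, unless that relation is already enforced above the hunk, which the visible context does not show. The same applies to the lower end: nothing in the visible lines rejects `data_size` below 16, which would make `str_size` negative if it is a signed type. The commit message has no body; it should say which allocation is being bounded and why `INT_MAX / 2` was chosen as the threshold. The log text "str_size is too large" names an internal variable, and printing the offending value would help anyone triaging a rejected file.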