[FFmpeg-devel] [PATCH] avformat/mov.c: prevent unbounded read from pipe when 'mdat' precedes 'moov'

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed

* [FFmpeg-devel] [PATCH] avformat/mov.c: prevent unbounded read from pipe when 'mdat' precedes 'moov'
@ 2025-09-16 14:30 Tijn Porcelijn via ffmpeg-devel
  0 siblings, 0 replies; only message in thread
From: Tijn Porcelijn via ffmpeg-devel @ 2025-09-16 14:30 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Tijn Porcelijn

When mp4/mov media packaged without faststart/empty_moov is ingested
through pipe, the process stalls indefinitely or until buffers deplete
memory. This aborts the ingest immediately unless we read from seekable
input or the mdat is very small.

Signed-off-by: Tijn Porcelijn <tijn@juvoly.nl>
---
  libavformat/mov.c | 5 +++++
  1 file changed, 5 insertions(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 216c6a5442..34991fec81 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1371,6 +1371,11 @@ static int mov_read_mdat(MOVContext *c, 
AVIOContext *pb, MOVAtom atom)
  {
      if (atom.size == 0) /* wrong one (MP4) */
          return 0;
+    if (!(c->found_moov) && !pb->seekable && atom.size > (pb->buf_end - 
pb->buf_ptr))
+    {
+        av_log(c->fc, AV_LOG_ERROR, "'mdat' must not precede 'moov' 
when streaming\n");
+        return -1;
+    }
      c->found_mdat=1;
      return 0; /* now go for moov */
  }
-- 
2.34.1

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2025-09-16 14:30 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-09-16 14:30 [FFmpeg-devel] [PATCH] avformat/mov.c: prevent unbounded read from pipe when 'mdat' precedes 'moov' Tijn Porcelijn via ffmpeg-devel

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git