From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 1DB1448C29 for ; Wed, 22 May 2024 13:01:08 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id BB78E68D38E; Wed, 22 May 2024 16:01:06 +0300 (EEST) Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com [209.85.215.174]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8878C68CCB8 for ; Wed, 22 May 2024 16:01:00 +0300 (EEST) Received: by mail-pg1-f174.google.com with SMTP id 41be03b00d2f7-61f2dc31be4so607697a12.1 for ; Wed, 22 May 2024 06:01:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1716382858; x=1716987658; darn=ffmpeg.org; h=content-transfer-encoding:in-reply-to:content-language:references :to:from:subject:user-agent:mime-version:date:message-id:from:to:cc :subject:date:message-id:reply-to; bh=XGFBN4Xf+SqvsbEpm4KLLwtRWIQNBpvnLnGKJ5YXwiU=; b=jxznZibc23m38453o5cRhObUmpRUdHMwZjMLaFeAw8fDJ+GR3XeBxtOEopet1KdVtF KubNcsCYiyoeRPf+UGZT6L4yd7JhUipaFgZsb7fURMVTVcsFKUip5rb8MDZdO3Aif2AR jISIKaJ7wdi3qQLQRrw8l3wcBKApSIbBhRxbeaY1+SrfE02A4ld0bWPnFsEkBR+oa89A +gMtTV//BspdakilXzntyGuzpcx8yN14hbKVqvymua0+voJPECLLDt3jknoTor7q9SCt kLzuaeTJ1MYt34m4Fn+vImTHboy2NulqReK6v9AX2/zsSpESAsGzb9bthUE491ujRLB6 ovEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716382858; x=1716987658; h=content-transfer-encoding:in-reply-to:content-language:references :to:from:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XGFBN4Xf+SqvsbEpm4KLLwtRWIQNBpvnLnGKJ5YXwiU=; b=SeHzvoUwSPeN7ZQN3VwtDpUz6aJajK+7dBxaSM6lPkBGNf9fRI5X3DuAeeFVmLlY51 CTSPFwhJXwt5NYEGGO8zuu3xhMLXYZR5EP3nG0g8e0eGFhAWnad3t3VrJAKY6o/w0KWS +lCXNpyQ4PqrTFXeS8vPiiXkmZoiAtyw51wHk2wSKNTTKD0Nl4GprUCLa4IJM1jgGNq3 ovfUwO6ZNukkEdljjfFln608MpqlwS0QxlXSqXjebzImBNiKY+t2uuujCMz7/OkeFMx8 rw7+0LgqB935m2NBg3dVMQBIhJhZxyrykqePRWkdqHHRMZwwFGcwu0MIfWccv084M7CN 7SQw== X-Gm-Message-State: AOJu0YxAJMsJAqow3OwEjrOJdrm2DkEK2l3lwTS0kVPUWzpOCRC1XtXW M4eRnoVmANn+JCkUXhunikaPeaXQechl6+tCsy4OuPkAoQ6DvPlkkKej9g== X-Google-Smtp-Source: AGHT+IGZi/Qsu2V9rqD4Y+IgZIOpYfDlSV38JyuQH7tkrtejfz8fI78mbXXNvorvKfQorXAIGieOVQ== X-Received: by 2002:a17:90a:8d81:b0:2b3:6898:d025 with SMTP id 98e67ed59e1d1-2bd9f48f0d2mr2889321a91.9.1716382858310; Wed, 22 May 2024 06:00:58 -0700 (PDT) Received: from [192.168.0.10] ([190.194.167.233]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2b671165fbcsm26190328a91.17.2024.05.22.06.00.57 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 22 May 2024 06:00:57 -0700 (PDT) Message-ID: <6cd4a327-265e-407b-aa9f-231c6c1eedc3@gmail.com> Date: Wed, 22 May 2024 10:00:59 -0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: James Almer To: ffmpeg-devel@ffmpeg.org References: <20240520014157.5399-1-jamrial@gmail.com> Content-Language: en-US In-Reply-To: <20240520014157.5399-1-jamrial@gmail.com> Subject: Re: [FFmpeg-devel] [PATCH] avformat/mov: store sample_sizes as unsigned ints X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On 5/19/2024 10:41 PM, James Almer wrote: > As defined in Section 8.7.3.2.1 of ISO 14496-12. > Any unsupported value will be rejected in mov_build_index() without outright > aborting demuxing. > > Fixes ticket #11005. > > Signed-off-by: James Almer > --- > libavformat/isom.h | 2 +- > libavformat/mov.c | 4 ++-- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/libavformat/isom.h b/libavformat/isom.h > index 07f09d6eff..c0a5788e08 100644 > --- a/libavformat/isom.h > +++ b/libavformat/isom.h > @@ -193,7 +193,7 @@ typedef struct MOVStreamContext { > unsigned int sample_size; ///< may contain value calculated from stsd or value from stsz atom > unsigned int stsz_sample_size; ///< always contains sample size from stsz atom > unsigned int sample_count; > - int *sample_sizes; > + unsigned int *sample_sizes; > int keyframe_absent; > unsigned int keyframe_count; > int *keyframes; > diff --git a/libavformat/mov.c b/libavformat/mov.c > index b3fa748f27..54c2d1eebc 100644 > --- a/libavformat/mov.c > +++ b/libavformat/mov.c > @@ -3308,9 +3308,9 @@ static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom) > > for (i = 0; i < entries; i++) { > sc->sample_sizes[i] = get_bits_long(&gb, field_size); > - if (sc->sample_sizes[i] < 0) { > + if (sc->sample_sizes[i] > INT64_MAX - sc->data_size) { > av_free(buf); > - av_log(c->fc, AV_LOG_ERROR, "Invalid sample size %d\n", sc->sample_sizes[i]); > + av_log(c->fc, AV_LOG_ERROR, "Sample size overflow in STSZ\n"); > return AVERROR_INVALIDDATA; > } > sc->data_size += sc->sample_sizes[i]; Will apply. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".