From: Sanjay Jangid Resent-From: Sanjay Jangid Date: Wed, 30 Jul 2025 17:02:16 +0530 Resent-Date: Fri, 1 Aug 2025 14:42:35 +0530 Message-Id: Resent-To: ffmpeg-devel@ffmpeg.org To: ffmpeg-devel@ffmpeg.org X-Mailer: Apple Mail (2.3818.100.11.1.3) Subject: [FFmpeg-devel] [PATCH] avformat/mov: prevent excessive allocation in mov_read_udta_string X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Resent-Message-Id: <20250801091258.45CA968D127@ffbox0-bg.ffmpeg.org> Archived-At: List-Archive: List-Post: Signed-off-by: Sanjay Jangid --- libavformat/mov.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index c935bbf..725a9fa 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -459,6 +459,10 @@ retry: data_type = avio_rb32(pb); // type avio_rb32(pb); // unknown str_size = data_size - 16; + if (str_size >= INT_MAX / 2) { + av_log(c->fc, AV_LOG_ERROR, "str_size is too large\n"); + return AVERROR_INVALIDDATA; + } atom.size -= 16; if (!key && c->found_hdlr_mdta && c->meta_keys) { -- 2.50.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
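Review bot: The bound `str_size >= INT_MAX / 2` in the new check is a magic constant with no justification, and the commit message has only a subject and a sign-off, so nothing says which allocation this protects or why half of INT_MAX is the right limit. A length field in a container atom is better validated against the bytes that can actually be present: the hunk has `atom.size` in scope on the very next line (`atom.size -= 16;`), so rejecting a `str_size` larger than the remaining atom payload would be both tighter and self-explanatory, and would still refuse multi-hundred-megabyte values that pass the current test. Since `str_size` is computed as `data_size - 16`, please also confirm that a `data_size` below 16 is already rejected outside the visible context; if it is not, the result of the subtraction should be checked here as well. Minor: the log line `"str_size is too large\n"` would be more useful for triage if it printed the offending value, and a short commit body describing the triggering input or report would help reviewers judge the fix.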