Stowage/ffmpeg
2
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-06-04 14:40:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

avformat/mov: check extradata in mov_read_dops()

Browse source 
We do want to limit an attackers ability to change once parsed structures.
So once extradata (or another array) is finished and possibly has been used we do not
want to allow an attacker to change it.

This reduces the attack surface

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7c67748537)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2026-04-29 01:49:59 +02:00
parent e954e4632b
commit 082f6ddb5c
No known key found for this signature in database
GPG key ID: B18E8928B3948D64
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
libavformat/mov.c
View file

@ -6845,7 +6845,7 @@ static int mov_read_dops(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
if ((uint64_t)atom.size > (1<<30) || atom.size < 11)
if ((uint64_t)atom.size > (1<<30) || atom.size < 11 || st->codecpar->extradata)
return AVERROR_INVALIDDATA;
/* Check OpusSpecificBox version. */