[FFmpeg-devel] Check size of STSC allocation

Message ID	CAEVbG5o_DoWYwqA=66njL9X3CaQ2sX1G_kCQ0rFtsBSp2XmaSw@mail.gmail.com
State	New
Headers	show Delivered-To: ffmpegpatchwork@gmail.com Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; MIME-Version: 1.0 In-Reply-To: <CAB0OVGrfW9BKoMSQFGqXB0DX453BrXRmSvoHQX6sxafMX5z9og@mail.gmail.com> References: <CAEVbG5rc0DkoSrvK9eGe4xhzV3Vv3q9et+8hz4AyOjsqst6e0w@mail.gmail.com> <CAB0OVGrfW9BKoMSQFGqXB0DX453BrXRmSvoHQX6sxafMX5z9og@mail.gmail.com> From: Fredrik Hubinette <hubbe-at-google.com@ffmpeg.org> Date: Wed, 15 Nov 2017 17:25:47 -0800 Message-ID: <CAEVbG5o_DoWYwqA=66njL9X3CaQ2sX1G_kCQ0rFtsBSp2XmaSw@mail.gmail.com> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Content-Type: multipart/mixed; boundary="f403045f19c20841b4055e0f8039" Subject: Re: [FFmpeg-devel] Check size of STSC allocation Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Message ID

CAEVbG5o_DoWYwqA=66njL9X3CaQ2sX1G_kCQ0rFtsBSp2XmaSw@mail.gmail.com

State

New

Headers

Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100; 
MIME-Version: 1.0
In-Reply-To: <CAB0OVGrfW9BKoMSQFGqXB0DX453BrXRmSvoHQX6sxafMX5z9og@mail.gmail.com>
References: <CAEVbG5rc0DkoSrvK9eGe4xhzV3Vv3q9et+8hz4AyOjsqst6e0w@mail.gmail.com>
	<CAB0OVGrfW9BKoMSQFGqXB0DX453BrXRmSvoHQX6sxafMX5z9og@mail.gmail.com>
From: Fredrik Hubinette <hubbe-at-google.com@ffmpeg.org>
Date: Wed, 15 Nov 2017 17:25:47 -0800
Message-ID: <CAEVbG5o_DoWYwqA=66njL9X3CaQ2sX1G_kCQ0rFtsBSp2XmaSw@mail.gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: multipart/mixed; boundary="f403045f19c20841b4055e0f8039"
Subject: Re: [FFmpeg-devel] Check size of STSC allocation
Precedence: list
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Commit Message

Fredrik Hubinette Nov. 16, 2017, 1:25 a.m. UTC

Fixed indentation.


On Wed, Nov 15, 2017 at 3:40 PM, Carl Eugen Hoyos <ceffmpeg@gmail.com>
wrote:

> 2017-11-16 0:21 GMT+01:00 Fredrik Hubinette <hubbe-at-google.com@ffmpeg.
> org>:
> > This patch checks that the memory allocated for stsc entries isn't larger
> > than the atom.
>
> Consider fixing the indentation of the second added line,
> making the committer's life easier.
>
> Thank you, Carl Eugen
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>

Comments

Michael Niedermayer Nov. 16, 2017, 10:13 p.m. UTC | #1

On Wed, Nov 15, 2017 at 05:25:47PM -0800, Fredrik Hubinette wrote:
> Fixed indentation.
> 
> 
> On Wed, Nov 15, 2017 at 3:40 PM, Carl Eugen Hoyos <ceffmpeg@gmail.com>
> wrote:
> 
> > 2017-11-16 0:21 GMT+01:00 Fredrik Hubinette <hubbe-at-google.com@ffmpeg.
> > org>:
> > > This patch checks that the memory allocated for stsc entries isn't larger
> > > than the atom.
> >
> > Consider fixing the indentation of the second added line,
> > making the committer's life easier.
> >
> > Thank you, Carl Eugen
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel@ffmpeg.org
> > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >

>  mov.c |    2 ++
>  1 file changed, 2 insertions(+)
> ddf55d33d4ddd7358a6562921eecd7703b0b1993  0001-Check-size-of-STSC-allocation.patch
> From 13afb2b1a5d135b6aed55b910a4146da972a6e01 Mon Sep 17 00:00:00 2001
> From: Fredrik Hubinette <hubbe@google.com>
> Date: Wed, 15 Nov 2017 17:24:30 -0800
> Subject: [PATCH] Check size of STSC allocation

will apply

thanks

[...]

From 13afb2b1a5d135b6aed55b910a4146da972a6e01 Mon Sep 17 00:00:00 2001
From: Fredrik Hubinette <hubbe@google.com>
Date: Wed, 15 Nov 2017 17:24:30 -0800
Subject: [PATCH] Check size of STSC allocation

---
 libavformat/mov.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 7d1bd9950a..46862512ac 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2618,6 +2618,8 @@  static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     avio_rb24(pb); /* flags */
 
     entries = avio_rb32(pb);
+    if ((uint64_t)entries * 12 + 4 > atom.size)
+        return AVERROR_INVALIDDATA;
 
     av_log(c->fc, AV_LOG_TRACE, "track[%u].stsc.entries = %u\n", c->fc->nb_streams - 1, entries);
 
-- 
2.15.0.448.gf294e3d99a-goog

[FFmpeg-devel] Check size of STSC allocation

Commit Message

Comments

Patch