From patchwork Sat Jul 4 15:15:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhao Zhili X-Patchwork-Id: 20802 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 149E044A341 for ; Sat, 4 Jul 2020 18:15:58 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E6C1B68A9BB; Sat, 4 Jul 2020 18:15:57 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from qq.com (out203-205-221-143.mail.qq.com [203.205.221.143]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3869C688074 for ; Sat, 4 Jul 2020 18:15:49 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1593875744; bh=gy9Mip943yMeDrZK/XQz1Ikm9ancpSMKvcVVv1GezEY=; h=From:To:Cc:Subject:Date; b=tRGhyYL0hhE0/CceK0ReokAJX7z7/n5XQo9wNcq/PCohH2mEXlJU99tuKXAERUNtH pd1GkP7nzyayPPklld/0m2is0u9BtVKRjPOEQrePm2HjBVqGuUFXO421/gT+j7lnjF 49dlhVs5HXgWLCf5SSb3WxhnSIAVOSpVQCLCgmLI= Received: from localhost.localdomain ([27.38.241.30]) by newxmesmtplogicsvrsza5.qq.com (NewEsmtp) with SMTP id 3EA916FE; Sat, 04 Jul 2020 23:15:42 +0800 X-QQ-mid: xmsmtpt1593875742tghmigusi Messag-ID: X-QQ-XMAILINFO: OF3c/neOiQw47rmdF3O2/Ubit8USWS4LqVNhda97gLj1GSoGaLgmYY3oxiBNEE dlIrofZUMbrLhoweXrN+JX1QALfGovmTaTyDPMyOo2+eSIOWFjGhjPq9QidVgWFcy6PjJPURAz8H MzNb2CiKnsNov89sdxn5IpZB5bmdjTumKY9ldFkR2od5V+xnRBZRIIw3PkwNpUbt+kqCPq53qpV5 ZVlDiUSTrtrrr4qLo/L1RXycs7E8W9kRXxh6OWGnmjKzURptnrh2+1qqqFmtJ09QR3dDK/jIBiaG NiEKaE++/qdZSaIKoXCovhwT+nIDC8+8FlwCchxQrgr9fN3xbdbfpdnyXSbAJuxJfc4O/Ot2Y27R 2cMQeFv/XqMF1y8hQhPSKYSaPi7zC/jxTFD8L0ne8CE0j7cZfbpdI67NUH5IFc+RL2z6JHYFlOKB HCUv979SpAp9CeEMMS/E6uIqd474VaGmmCZAwUThfR2hvHrhBPD91ckyV3jVEMVLov+lrP7Sd9gV 71zQuy70owmyc0yX77m64xML6DqqpBZGWvFwm3mn1g/DQF5qRWdgG2Ovc0SuQdcjc6lcxG+66VRY 6n9wqfcr5jTdw+w+tv7GQHVV9A1XZhtHF3MHPuvKRnEEGZP9ww/3t65kYSi0ziEDpdMNAUKGx2A4 YC7GULTKYikGVDiEUUgzHId1dnnQnxXbTyRcXEl2Nt+gn8sA+ZpfHiOH3JA9Ald6Ka4O83uv/g3m OD From: Zhao Zhili To: ffmpeg-devel@ffmpeg.org Date: Sat, 4 Jul 2020 23:15:39 +0800 X-OQ-MSGID: <20200704151539.413797-1-quinkblack@foxmail.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] avformat/mov: fix undefined behavior in mov_read_default X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Zhao Zhili Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Message-Id: <20200704151557.E6C1B68A9BB@ffbox0-bg.mplayerhq.hu> --- libavformat/mov.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index df5bebdff1..da438e4e2c 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -6945,13 +6945,12 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) a.type == MKTAG('h','o','o','v')) && a.size >= 8 && c->fc->strict_std_compliance < FF_COMPLIANCE_STRICT) { - uint8_t buf[8]; - uint32_t *type = (uint32_t *)buf + 1; - if (avio_read(pb, buf, 8) != 8) - return AVERROR_INVALIDDATA; + uint32_t type; + avio_skip(pb, 4); + type = avio_rl32(pb); avio_seek(pb, -8, SEEK_CUR); - if (*type == MKTAG('m','v','h','d') || - *type == MKTAG('c','m','o','v')) { + if (type == MKTAG('m','v','h','d') || + type == MKTAG('c','m','o','v')) { av_log(c->fc, AV_LOG_ERROR, "Detected moov in a free or hoov atom.\n"); a.type = MKTAG('m','o','o','v'); }