diff mbox series

[FFmpeg-devel,1/1] libavformat/mov: Add bound checks to avoid invalid memory allocation

Message ID 20201019033103.2765-1-ruc_zhangxiaohui@163.com
State New
Headers show
Series [FFmpeg-devel,1/1] libavformat/mov: Add bound checks to avoid invalid memory allocation | expand

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished
andriy/PPC64_make success Make finished
andriy/PPC64_make_fate warning Make fate failed

Commit Message

Xiaohui Zhang Oct. 19, 2020, 3:31 a.m. UTC 
From: Zhang Xiaohui <ruc_zhangxiaohui@163.com>

Hi, I think function mov_read_cmov fails to perform proper bounds
checking on cmov_len, which may lead to invalid memory allocation.

Signed-off-by: Zhang Xiaohui <ruc_zhangxiaohui@163.com>
---
 libavformat/mov.c | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 7fd43a8fc5..a23daa25da 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5183,6 +5183,8 @@  static int mov_read_cmov(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     moov_len = avio_rb32(pb); /* uncompressed size */
     cmov_len = atom.size - 6 * 4;
 
+    if (cmov_len <= 0)
+        return AVERROR_INVALIDDATA;
     cmov_data = av_malloc(cmov_len);
     if (!cmov_data)
         return AVERROR(ENOMEM);