From patchwork Tue Apr  2 03:18:00 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Almer <jamrial@gmail.com>
X-Patchwork-Id: 47725
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:9f96:b0:1a3:b6bb:3029 with SMTP id
 mm22csp1113371pzb;
        Mon, 1 Apr 2024 20:18:29 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVj9DyWFH9O5k3OlOOgh9EXPuiIeSkrfwc1dYHu41GIagyPLeq4pE/E3iEIbBjxXV0Wfs6uWg0ZZjDiUT2ZS69FXyWLqUwKqSP3YQ==
X-Google-Smtp-Source: 
 AGHT+IHNQg592ArKrYwUl2J8Oms/+rCTaSmRNoEi5miosmqUF2AX4qFYVX/QJZBm7iFGhYrQzLzQ
X-Received: by 2002:a05:6402:268c:b0:56b:b8c8:53e4 with SMTP id
 w12-20020a056402268c00b0056bb8c853e4mr7330237edd.4.1712027909189;
        Mon, 01 Apr 2024 20:18:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1712027909; cv=none;
        d=google.com; s=arc-20160816;
        b=yvTt6xBdo+4/u+ee8B2rpKgIiXr0Cjigr6iRA7FdUOedwmxbfcDZIs9f6vJ9S0/B4i
         p0NaOes7QTrN8IjTPpY6skdbbEwFocAfyiycCLaDoUMrRyihrI8OZpDMhBiRbrQfPhGI
         9NSVbz4iaJ17g14wHg8bvRDrVyxGCQC6oqySqitcHoKOxx404GRj9VI1bIFkX+trMEde
         nL5I2jlwfrqvxfiiAMfvNB8VOI8ZPaxXXL8lDaDV9ksqqyDgyrnI05WWcn34VMlXLFlS
         /GaP7ieKV9sR5jBRVK//fUP9fOtQ1exFulUxZoiDR2tDrzN1bdRoLVEmfRwtUmPYmT46
         XBxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=r5wDVnNwUtnkdlViHTqpVPW6K3Eg+35brOcNnNWqLIs=;
        fh=YOA8vD9MJZuwZ71F/05pj6KdCjf6jQRmzLS+CATXUQk=;
        b=NRJIZSChCTIRKKQkYkdC73KdEuVQwASJdJrILNjrhibKuYC1RiEZAYYe/neodXmL1q
         fkjdYpQkkwefI9zRzFLIJf9DXVGKjC0FLjRlrAyJiWA/cNpNo+ooPS61EZdrR2jtM8/N
         kV3sjnNTRZWuJkQzhs1zW5sHT1lp3Tmp2Af2mKuw5L4xKOAGxdXHlmeoUlB/Q3UOsy5T
         XkRA8a5H+UXIUTtB/K4KqQKuJ/Y2HaGOW8XaQO1Kr4f5UMUGtNIuar0b9Tp5uHhBTBmT
         VZUwO4ZHLK1APSlRIkYj6EiK4woP4Om083YYT/VrJMISipfbD3fyf48dtxrBtxbrrfT3
         +XGw==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20230601 header.b=RpYbjVnB;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 c8-20020a05640227c800b0056c1a113823si5394455ede.595.2024.04.01.20.18.28;
        Mon, 01 Apr 2024 20:18:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20230601 header.b=RpYbjVnB;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4F5E568D0EA;
	Tue,  2 Apr 2024 06:18:13 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com
 [209.85.215.177])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9A75268D0AF
 for <ffmpeg-devel@ffmpeg.org>; Tue,  2 Apr 2024 06:18:06 +0300 (EEST)
Received: by mail-pg1-f177.google.com with SMTP id
 41be03b00d2f7-53fbf2c42bfso3656173a12.3
 for <ffmpeg-devel@ffmpeg.org>; Mon, 01 Apr 2024 20:18:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1712027884; x=1712632684; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=zDwqXl+boUZrg4F/SbBktHSnWtDWuEr7IVcjxIf+3VE=;
 b=RpYbjVnB6doJoy1NWMpdzabciHIY1E9XP5uXX6L4D7kSV0gbwjFRxvwWeU9e5JZVZc
 zQtC7qLCEQy2Xjo1vYrLs1uI1LQElsMjPzTaepjEe5mN9vC2RjIBIJkyq8w0Jhu3cdvG
 1x+JqlQO23yRdGZHu3BkXcllR2u0JYLyF/5s2AzgX0TbDGjCb2+pKI/yLc1ylNjeu2hR
 MCxiboJ82mf026yxxhf3dGYoeWRbAWBRc+U1jiQrC1uYE9ylJ4X6lc65msmOrnDuyxS0
 opjOZjijyvY3InbKLKgXoZSotAVrC22Q9Cja1YquZrRnC21nrNNXsqvbUPS9c3CjH9mw
 4nCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1712027884; x=1712632684;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=zDwqXl+boUZrg4F/SbBktHSnWtDWuEr7IVcjxIf+3VE=;
 b=QUUZIXhxBZ/pirxRsXeZWc2aLOSMVDQERseVzGw3rhp3MF6wWFn13RcPD3lkbOxxFS
 yPgQ8enFfqj0Wjl41R39/6oELuF/xPfshBDF8KmP5Dr1RVxvza5tAGlrnShu71adgVNE
 9Bzo9Dtz5fdOo0/0nc9+CvYQKFTpMi3exeZC5L+0M7QbvHTzv8dhYaUl1XXprkSxU/+j
 YiPnT2sbWiuCd60oZqJje7dmOuJxBo4OP/62Gt6VAplCmRvlZvHR2MzTBd2f75BxCTyK
 5H51ZVfu3KCbdiRqbPdzJCqR4HT/QTF5y4/vV+D+f7H+dKDB96GX0atmQZSAfhstWGkg
 EnVw==
X-Gm-Message-State: AOJu0YxSDJ+VH5gkA2wlw5L98elENOR/xwB0OaLzXARqcaZsMidrHB87
 rBrRunVGHPP0/3cPnnxBwHWtMGOC6+IY6JmG04HobKFkms5/fW0+cy5HI4pG
X-Received: by 2002:a17:902:7847:b0:1e0:1bff:59e2 with SMTP id
 e7-20020a170902784700b001e01bff59e2mr11195601pln.39.1712027884129;
 Mon, 01 Apr 2024 20:18:04 -0700 (PDT)
Received: from localhost.localdomain ([190.194.167.233])
 by smtp.gmail.com with ESMTPSA id
 g12-20020a170902fe0c00b001e26ba8882fsm408652plj.287.2024.04.01.20.18.03
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 01 Apr 2024 20:18:03 -0700 (PDT)
From: James Almer <jamrial@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue,  2 Apr 2024 00:18:00 -0300
Message-ID: <20240402031800.7159-3-jamrial@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240402031800.7159-1-jamrial@gmail.com>
References: <20240402031800.7159-1-jamrial@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 3/3] avformat/mov: fix the entry count
 overflow check in the keys atom
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: GPnHd/nnr7+h

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index a935ef7326..9fca402896 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5025,7 +5025,7 @@ static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     avio_skip(pb, 4);
     count = avio_rb32(pb);
     atom.size -= 8;
-    if (count > UINT_MAX / sizeof(*c->meta_keys) - 1) {
+    if (count + 1LL > UINT_MAX / sizeof(*c->meta_keys)) {
         av_log(c->fc, AV_LOG_ERROR,
                "The 'keys' atom with the invalid key count: %"PRIu32"\n", count);
         return AVERROR_INVALIDDATA;