diff mbox series

[FFmpeg-devel,1/2] avformat/mov: check that sample and chunk count is 1 for HEIF

Message ID 20240629000654.63462-1-jamrial@gmail.com
State New
Headers show
Series [FFmpeg-devel,1/2] avformat/mov: check that sample and chunk count is 1 for HEIF | expand

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 fail Make fate failed
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

James Almer June 29, 2024, 12:06 a.m. UTC 
Fixes NULL pointer dereference in broken/fuzzed streams.

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavformat/mov.c | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 14f43bf906..ba5f85e7e3 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -9904,6 +9904,8 @@  static int mov_read_header(AVFormatContext *s)
             st->codecpar->width  = item->width;
             st->codecpar->height = item->height;
 
+            if (sc->sample_count != 1 || sc->chunk_count != 1)
+                return AVERROR_INVALIDDATA;
             sc->sample_sizes[0]  = item->extent_length;
             sc->chunk_offsets[0] = item->extent_offset + offset;