diff mbox series

[FFmpeg-devel,2/4] avformat/mov: check extent_offset calculation for overflow

Message ID 20240701024022.2898-2-jamrial@gmail.com
State New
Headers show
Series [FFmpeg-devel,1/4] avformat/mov: check that iloc offset values fit on an int64_t | expand

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 fail Make fate failed
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

James Almer July 1, 2024, 2:40 a.m. UTC 
Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavformat/mov.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/libavformat/mov.c b/libavformat/mov.c
index fd78d5f59c..3aa2398386 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -8482,7 +8482,8 @@  static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         }
         for (int j = 0; j < extent_count; j++) {
             if (rb_size(pb, &extent_offset, offset_size) < 0 ||
-                rb_size(pb, &extent_length, length_size) < 0)
+                rb_size(pb, &extent_length, length_size) < 0 ||
+                base_offset > INT64_MAX - extent_offset)
                 return AVERROR_INVALIDDATA;
             if (offset_type == 1)
                 c->heif_item[i].is_idat_relative = 1;