[FFmpeg-devel,3/3] avformat/mov: fix use invalid box size/type due to eof

Message ID tencent_724FBD55402721B8EB1647CD5020144DF107@qq.com
State Accepted
Commit 6c1b685e20edc6ead607b935d1d79740b9857e25
Series [FFmpeg-devel,1/3] avformat/mov: remove an always true condition

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_armv7_RPi4 success Make finished
andriy/make_fate_armv7_RPi4 success Make fate finished

Commit Message

Zhao Zhili April 26, 2022, 8:20 a.m. UTC
---
 libavformat/mov.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Zhao Zhili May 8, 2022, 4:23 p.m. UTC | #1
> On Apr 26, 2022, at 4:20 PM, Zhao Zhili <quinkblack@foxmail.com> wrote:
> 
> ---
> libavformat/mov.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index e948c6cd0f..429f9fcbf7 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -7691,10 +7691,12 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> 
>     if (atom.size < 0)
>         atom.size = INT64_MAX;
> -    while (total_size <= atom.size - 8 && !avio_feof(pb)) {
> +    while (total_size <= atom.size - 8) {
>         int (*parse)(MOVContext*, AVIOContext*, MOVAtom) = NULL;
>         a.size = avio_rb32(pb);
>         a.type = avio_rl32(pb);
> +        if (avio_feof(pb))
> +            break;
>         if (((a.type == MKTAG('f','r','e','e') && c->moov_retry) ||
>               a.type == MKTAG('h','o','o','v')) &&
>             a.size >= 8 &&
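
Review bot: the new `if (avio_feof(pb)) break;` after `a.type = avio_rl32(pb);` carries no comment, and the commit message is a subject line only, so the reason the EOF test moved out of the `while` condition is not recorded anywhere near the code. A one-line comment stating that a.size and a.type are not valid when either read hit EOF, and must not reach the 'free'/'hoov' test that follows, would keep a later cleanup from folding the check back into the loop condition.
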
> -- 

Applied.

Patch

diff --git a/libavformat/mov.c b/libavformat/mov.c
index e948c6cd0f..429f9fcbf7 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -7691,10 +7691,12 @@  static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 
     if (atom.size < 0)
         atom.size = INT64_MAX;
-    while (total_size <= atom.size - 8 && !avio_feof(pb)) {
+    while (total_size <= atom.size - 8) {
         int (*parse)(MOVContext*, AVIOContext*, MOVAtom) = NULL;
         a.size = avio_rb32(pb);
         a.type = avio_rl32(pb);
+        if (avio_feof(pb))
+            break;
         if (((a.type == MKTAG('f','r','e','e') && c->moov_retry) ||
               a.type == MKTAG('h','o','o','v')) &&
             a.size >= 8 &&
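
Review bot: the `break` added after `a.type = avio_rl32(pb);` handles a clean end of input and a header cut off partway through its 8 bytes identically, and silently in both cases. If nothing after the loop distinguishes the two, consider emitting a log message or an error when EOF arrives after part of the size/type header was consumed, so a truncated file is not treated as one that ended on a box boundary. A FATE sample truncated inside a box header would pin the new behaviour down.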