From patchwork Tue Apr 2 03:17:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Almer X-Patchwork-Id: 47723 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:9f96:b0:1a3:b6bb:3029 with SMTP id mm22csp1113280pzb; Mon, 1 Apr 2024 20:18:13 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXjGKfL4jiSiOPMtVwO+qG6+Pq5Kz6NQ65NhgZXkHc0SpyECjulaPq9ZlfVk3QK41GMep6GptS1WbhrmuFuqqa3oegpwpNLUeJMCg== X-Google-Smtp-Source: AGHT+IFV3N6TaQJxekuvMr+4MYxDk50tSFyXMl1KKCRPFNdBovggyu92XjIwlzM5+CPvwWDRrKR2 X-Received: by 2002:a50:ccd1:0:b0:56b:d1c6:66a5 with SMTP id b17-20020a50ccd1000000b0056bd1c666a5mr12778155edj.6.1712027893475; Mon, 01 Apr 2024 20:18:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1712027893; cv=none; d=google.com; s=arc-20160816; b=oLx94I182HPHTpQLxMdQiKAY204UczIib5sWjgzPvxR/uXHFgGPRgNxLg55cpZ8jPe UpUxPqzHrgOGGugIUX6OeOPUm45nbTr2QcCJ715nD0PBUZ6p24QD7gUc6fKap+tT/BFv OwradOL5iOi/Y6O7XxH2FXb2zAEYI1rcMsuXtux7b3BQZuXVA8loZYA7MKc2pSVAtpP8 H1luvTBTAs90VS54UV7nRrOJClC56rdy55nMvpW3mzdO8RmSXVRRSmbpgumBZJJb1Sz3 4Y4Fqvbkp3uuBnZhvXHqzLxV0wznIMh/JTlWOluHsqk1nGVszuoXw71blEkBIQgTF1Qf d/kw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:message-id:date:to:from :dkim-signature:delivered-to; bh=fKh11txqGhQOO6m5Mw47sz+bU/qrj45bthBPFKKYCmg=; fh=YOA8vD9MJZuwZ71F/05pj6KdCjf6jQRmzLS+CATXUQk=; b=NqTIOmAkuZUH22wJo4cWcCcZcaizneZ3/Xc98TWc3/+dIGIpOpwhoRc3MV6+gHOygg rmR2CX3qb0wBPM98UP8PnAW/XxdYEKNwydnq498gRH1XMgglKhqv9QCQUG01/DLTAz6M gluLvm7G1sE4lY9o1NDHqwPxTxv3eXY7Ubq9gT1/DtV+2I3QCJXfFrgHhOvkcJobwyv0 FRAsLYLR603k6jsXpLsOMebCtscesW3AxCWf3kAUNO2fvXcQ8AYWW/n4fryYoBmZvN+6 c2mDDGsgtAFUdPPNlL8IQt9afiRqS3Rf55ICeeVsdY6Fxloz9GSGg63xNNd02d/tZq05 WVqg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=DIMiJ0Bv; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id t1-20020a056402524100b0056de760c649si229708edd.298.2024.04.01.20.18.13; Mon, 01 Apr 2024 20:18:13 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=DIMiJ0Bv; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 16C7968D0A4; Tue, 2 Apr 2024 06:18:10 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 1275B68C1D9 for ; Tue, 2 Apr 2024 06:18:04 +0300 (EEST) Received: by mail-pg1-f177.google.com with SMTP id 41be03b00d2f7-5d8b70b39efso3213013a12.0 for ; Mon, 01 Apr 2024 20:18:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712027881; x=1712632681; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=eqLbWHNRq+DXIzxH6h0MXJIztTG4FUkvlqvr9Ry/c90=; b=DIMiJ0BvyZKkcfeZOagS1VQsQnn/tAA8NMjg82GXQA6Iz8xczrkiqTTusueQz8q8x3 SmYWn1omm2nFlEx3xx498mXc37wlhyyFBblEXKDCLuhbhrGvuy8BhgYXj7gH5npm6HZD 407nyYvxAme7XJn5B3pg77GTnz9xyV4VjxBmQdzQAWGw57fnqG6ZrVdRsfjzYUprkJkR SgKHTC3/4HrOsnEVJakpTNidJtWSkfd/CG3U5k1CigcNT3bytsfGlWytNc65NfcPbPFo wSI4uzBbpyII+hq9kZwFlD69wagmNgKVqr75C6XqkOmTd2s7iIr8ycsmiHN5o5nBCQtD BW5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712027881; x=1712632681; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=eqLbWHNRq+DXIzxH6h0MXJIztTG4FUkvlqvr9Ry/c90=; b=kaNxN+mXDrdkriVuCIJ4/XvN4Ujrh44owIyz9iG1ucbU9xPv2jg/Gsem7F5cfVLBxP KWF8RdMUXAlGPJ2denX05CX09ox972YYYHDab8jEusPlS7FRIfxoU94nTjh7QVISounZ fCF4gpFzpvLAwhaMhaukpIY30nr8sckPypGyyZsUucYiMnOUKzXOGMSx/aj+sty43Q/8 V2sOfl8d3bmmBUE8U4AINIfwYe4YwNTxRdfgW0+kgf8YpJ3w2+K8LYNy7XZxq7o+J0qB KJVKIVpFavehK84LJBnZSsI7FXtcXHAIn5/9Z7Uw6URao8Ox61jzppTEVmsogmqzDjKK XKrQ== X-Gm-Message-State: AOJu0YyaElrFBHTUDOdSB48kqoIXLnZhDRxEaUCYvZJVbxNRiBN7WlIS PSRH9/9+h3T63ZeebrMWXt57MdfjnB7R36FZ4KuGQ+XgqtTLiI6HbbVw43La X-Received: by 2002:a05:6a20:7491:b0:1a7:23a9:2600 with SMTP id p17-20020a056a20749100b001a723a92600mr99861pzd.59.1712027881343; Mon, 01 Apr 2024 20:18:01 -0700 (PDT) Received: from localhost.localdomain ([190.194.167.233]) by smtp.gmail.com with ESMTPSA id g12-20020a170902fe0c00b001e26ba8882fsm408652plj.287.2024.04.01.20.18.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Apr 2024 20:18:00 -0700 (PDT) From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Tue, 2 Apr 2024 00:17:58 -0300 Message-ID: <20240402031800.7159-1-jamrial@gmail.com> X-Mailer: git-send-email 2.44.0 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 1/3] avformat/mov: take into account the first eight bytes in the keys atom X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: nsncLTm6y6TO Signed-off-by: James Almer --- libavformat/mov.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 2b7ddc516c..3273e2e89b 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5024,6 +5024,7 @@ static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom) avio_skip(pb, 4); count = avio_rb32(pb); + atom.size -= 8; if (count > UINT_MAX / sizeof(*c->meta_keys) - 1) { av_log(c->fc, AV_LOG_ERROR, "The 'keys' atom with the invalid key count: %"PRIu32"\n", count); From patchwork Tue Apr 2 03:17:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Almer X-Patchwork-Id: 47724 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:9f96:b0:1a3:b6bb:3029 with SMTP id mm22csp1113319pzb; Mon, 1 Apr 2024 20:18:21 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUXtNze2YYal/y/eAh+LNRKVS9cYrRPDyXxHO+wyDfcbTH3D2ldR7uoDBbQFGzRT9DfUSA83yG1fA1k8lOZvJFww4vAeQqzXI+tNA== X-Google-Smtp-Source: AGHT+IE10X4yZFSLu9BRY+tNYNGUON+A6kNJfhGgMABJOX3DTGqgST/AQPasLJ0t+iywY5hzykdo X-Received: by 2002:a17:906:250c:b0:a4e:4ed4:5efb with SMTP id i12-20020a170906250c00b00a4e4ed45efbmr4708593ejb.3.1712027901627; Mon, 01 Apr 2024 20:18:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1712027901; cv=none; d=google.com; s=arc-20160816; b=hGbkXoLvTIONIQgMG8gpInTc4iksYWi2AFP7RiaB7+MNHpbyKZEO4t/yy+JxvObXfZ UzHKu2n0zcGDbs2gNRqGFEQbyiFyBDcq/iaLIugh3eQRATFHgrOGHIhmkUxmPhfY5YLR 8saFJS+8MR6PjVjal5ImpF6kjKfzWEYCkLn4vvCHGfeDRY4/AulTRAI3UK2OJ4V7yd8q FZeGLfuEkht/HVE3TLokdEnnWs9DqxakvuQTXINGdH7Dd5X4L8P8OvheSWKTh9Z8eCEJ GbwknepKH2CSceLZ4ABA5DW+PiR/EkFEc1/myfro5GuvXHfuWS6RHgg03Jc6pQqfJ31P RHOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=gv5JpmFZWVLkD5hlGpgeZmiMTLHM418yFu5fErXtEY8=; fh=YOA8vD9MJZuwZ71F/05pj6KdCjf6jQRmzLS+CATXUQk=; b=AGjE5PBaPpfRTRDtkgQ/4EOQqpTG5+mpYz6P/Mn1zPZAciOD1WH8irvtX+AXM3xWrv ggqnC03hVENHdsA23QmEsRKoUwb4Wm69dTDf3/xm7RY3WFZn+9FJGwa1ddYUFZGetL8E 2fGt32eKACOK/pNxLHgM7bFUXycQoKjnoEw40m/msguSrdfuWSEkEZ3j1DWY7pgoKf4V bD1/6tvWeTQiodlHLDN7wxgXkTdgy4anKJ/y/UsmPu1+sRFppLy3KhlYw6UHCvXNw1s/ LoFEyA2jjnnkm/03MwPeFh2264jN04I9+VkuZpXoOXBx9Iu4Xja15E0GNajhoyNCyn3k 1UWQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=ByCUXQXM; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id ko10-20020a170907986a00b00a4e513652a0si2888485ejc.516.2024.04.01.20.18.21; Mon, 01 Apr 2024 20:18:21 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=ByCUXQXM; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2F56F68D0CE; Tue, 2 Apr 2024 06:18:11 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 444DE68D0A6 for ; Tue, 2 Apr 2024 06:18:05 +0300 (EEST) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-1e0edd0340fso42001305ad.2 for ; Mon, 01 Apr 2024 20:18:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712027883; x=1712632683; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=QOtJAnhNuq1t+a0g+EZpL3rBqoyqNx8iYzruPICtfLE=; b=ByCUXQXM+hi9LVzwvkAC1HiRT8p0/6kWWHw9fW5F15RuHWd/VzpfNv/Q5S2vOG58wp nQ9dN4E98A9DP2iRzUugzvbgjpC0oYmDU26pR66bJtU4wr2zlDqwcIfQrAa6r+hqc7Do VmZYlXVgrAc0O+UaCTRtoLfgG7Q4o/a0P1FSuYkQfKXgl92i/NMCnIz2NmC3vL7LhQBE bbXPKxZAmyiL6tzP8fQchtJHBWk3JQgdoEEriKNK/cDkDUQgEpOW++3c+9TYfFhfUoUj +RVwkY1dkTw/4NGwKFO/vWbVgNEJqc9+VN2w9Acvmu0NTHLcGrvsOT6D+AN5ya77EZYM 3JLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712027883; x=1712632683; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QOtJAnhNuq1t+a0g+EZpL3rBqoyqNx8iYzruPICtfLE=; b=Usuo0Cw9NBtELsqjogSa6Z+wTq/REvevoW5bHl6/f/ni7kfJ8AP74hE0RdxJ1B1kX7 pUcasXYdaunrajsU4WYM6xIbbvifkmXDWfDbVH56S1lcQV8RbtSOZ1qSd2oxggjpc4Nu 912RLu3iHDeGeoK2iUfhJ8OSyGuUOzfyg8meZWNJpq2VKF9PN/yLVx0aYSLQuC+AcOaE 2abYDS0rvsC9heTMXN0DvpTGkjg3QX8ceyCwagDH25sd6Eh/9gyAphRp+VbIXudlYz0W hIAS2YWTRpku+KbS1vWE+pylujyBUGiUg02GfhfaLPO1sWG7ztNuQfv74CV03RKZGXDx eHnQ== X-Gm-Message-State: AOJu0YylBIoUhnM87PkQO3XEzSipQqTpj+SR0uvoCmMHlD4ja9I3w9IE iq6R1a4Nky5rJMh8VHR1W5nO7GJhdcUQbKfMSsClU4SBhMgElV+fWWwKLiJN X-Received: by 2002:a17:902:ce84:b0:1e0:e85b:3389 with SMTP id f4-20020a170902ce8400b001e0e85b3389mr14809820plg.3.1712027882772; Mon, 01 Apr 2024 20:18:02 -0700 (PDT) Received: from localhost.localdomain ([190.194.167.233]) by smtp.gmail.com with ESMTPSA id g12-20020a170902fe0c00b001e26ba8882fsm408652plj.287.2024.04.01.20.18.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Apr 2024 20:18:02 -0700 (PDT) From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Tue, 2 Apr 2024 00:17:59 -0300 Message-ID: <20240402031800.7159-2-jamrial@gmail.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240402031800.7159-1-jamrial@gmail.com> References: <20240402031800.7159-1-jamrial@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 2/3] avformat/mov: don't read key_size bytes twice in the keys atom X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: v0OjhQ7Q3Nnp We only support mdta as type, yet we were not skipping other types, but rather reading key_size worth of bytes twice per entry. Signed-off-by: James Almer --- libavformat/mov.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 3273e2e89b..a935ef7326 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5049,6 +5049,7 @@ static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom) key_size -= 8; if (type != MKTAG('m','d','t','a')) { avio_skip(pb, key_size); + continue; } c->meta_keys[i] = av_mallocz(key_size + 1); if (!c->meta_keys[i]) From patchwork Tue Apr 2 03:18:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Almer X-Patchwork-Id: 47725 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:9f96:b0:1a3:b6bb:3029 with SMTP id mm22csp1113371pzb; Mon, 1 Apr 2024 20:18:29 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVj9DyWFH9O5k3OlOOgh9EXPuiIeSkrfwc1dYHu41GIagyPLeq4pE/E3iEIbBjxXV0Wfs6uWg0ZZjDiUT2ZS69FXyWLqUwKqSP3YQ== X-Google-Smtp-Source: AGHT+IHNQg592ArKrYwUl2J8Oms/+rCTaSmRNoEi5miosmqUF2AX4qFYVX/QJZBm7iFGhYrQzLzQ X-Received: by 2002:a05:6402:268c:b0:56b:b8c8:53e4 with SMTP id w12-20020a056402268c00b0056bb8c853e4mr7330237edd.4.1712027909189; Mon, 01 Apr 2024 20:18:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1712027909; cv=none; d=google.com; s=arc-20160816; b=yvTt6xBdo+4/u+ee8B2rpKgIiXr0Cjigr6iRA7FdUOedwmxbfcDZIs9f6vJ9S0/B4i p0NaOes7QTrN8IjTPpY6skdbbEwFocAfyiycCLaDoUMrRyihrI8OZpDMhBiRbrQfPhGI 9NSVbz4iaJ17g14wHg8bvRDrVyxGCQC6oqySqitcHoKOxx404GRj9VI1bIFkX+trMEde nL5I2jlwfrqvxfiiAMfvNB8VOI8ZPaxXXL8lDaDV9ksqqyDgyrnI05WWcn34VMlXLFlS /GaP7ieKV9sR5jBRVK//fUP9fOtQ1exFulUxZoiDR2tDrzN1bdRoLVEmfRwtUmPYmT46 XBxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=r5wDVnNwUtnkdlViHTqpVPW6K3Eg+35brOcNnNWqLIs=; fh=YOA8vD9MJZuwZ71F/05pj6KdCjf6jQRmzLS+CATXUQk=; b=NRJIZSChCTIRKKQkYkdC73KdEuVQwASJdJrILNjrhibKuYC1RiEZAYYe/neodXmL1q fkjdYpQkkwefI9zRzFLIJf9DXVGKjC0FLjRlrAyJiWA/cNpNo+ooPS61EZdrR2jtM8/N kV3sjnNTRZWuJkQzhs1zW5sHT1lp3Tmp2Af2mKuw5L4xKOAGxdXHlmeoUlB/Q3UOsy5T XkRA8a5H+UXIUTtB/K4KqQKuJ/Y2HaGOW8XaQO1Kr4f5UMUGtNIuar0b9Tp5uHhBTBmT VZUwO4ZHLK1APSlRIkYj6EiK4woP4Om083YYT/VrJMISipfbD3fyf48dtxrBtxbrrfT3 +XGw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=RpYbjVnB; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id c8-20020a05640227c800b0056c1a113823si5394455ede.595.2024.04.01.20.18.28; Mon, 01 Apr 2024 20:18:29 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=RpYbjVnB; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4F5E568D0EA; Tue, 2 Apr 2024 06:18:13 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9A75268D0AF for ; Tue, 2 Apr 2024 06:18:06 +0300 (EEST) Received: by mail-pg1-f177.google.com with SMTP id 41be03b00d2f7-53fbf2c42bfso3656173a12.3 for ; Mon, 01 Apr 2024 20:18:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712027884; x=1712632684; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zDwqXl+boUZrg4F/SbBktHSnWtDWuEr7IVcjxIf+3VE=; b=RpYbjVnB6doJoy1NWMpdzabciHIY1E9XP5uXX6L4D7kSV0gbwjFRxvwWeU9e5JZVZc zQtC7qLCEQy2Xjo1vYrLs1uI1LQElsMjPzTaepjEe5mN9vC2RjIBIJkyq8w0Jhu3cdvG 1x+JqlQO23yRdGZHu3BkXcllR2u0JYLyF/5s2AzgX0TbDGjCb2+pKI/yLc1ylNjeu2hR MCxiboJ82mf026yxxhf3dGYoeWRbAWBRc+U1jiQrC1uYE9ylJ4X6lc65msmOrnDuyxS0 opjOZjijyvY3InbKLKgXoZSotAVrC22Q9Cja1YquZrRnC21nrNNXsqvbUPS9c3CjH9mw 4nCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712027884; x=1712632684; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zDwqXl+boUZrg4F/SbBktHSnWtDWuEr7IVcjxIf+3VE=; b=QUUZIXhxBZ/pirxRsXeZWc2aLOSMVDQERseVzGw3rhp3MF6wWFn13RcPD3lkbOxxFS yPgQ8enFfqj0Wjl41R39/6oELuF/xPfshBDF8KmP5Dr1RVxvza5tAGlrnShu71adgVNE 9Bzo9Dtz5fdOo0/0nc9+CvYQKFTpMi3exeZC5L+0M7QbvHTzv8dhYaUl1XXprkSxU/+j YiPnT2sbWiuCd60oZqJje7dmOuJxBo4OP/62Gt6VAplCmRvlZvHR2MzTBd2f75BxCTyK 5H51ZVfu3KCbdiRqbPdzJCqR4HT/QTF5y4/vV+D+f7H+dKDB96GX0atmQZSAfhstWGkg EnVw== X-Gm-Message-State: AOJu0YxSDJ+VH5gkA2wlw5L98elENOR/xwB0OaLzXARqcaZsMidrHB87 rBrRunVGHPP0/3cPnnxBwHWtMGOC6+IY6JmG04HobKFkms5/fW0+cy5HI4pG X-Received: by 2002:a17:902:7847:b0:1e0:1bff:59e2 with SMTP id e7-20020a170902784700b001e01bff59e2mr11195601pln.39.1712027884129; Mon, 01 Apr 2024 20:18:04 -0700 (PDT) Received: from localhost.localdomain ([190.194.167.233]) by smtp.gmail.com with ESMTPSA id g12-20020a170902fe0c00b001e26ba8882fsm408652plj.287.2024.04.01.20.18.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Apr 2024 20:18:03 -0700 (PDT) From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Tue, 2 Apr 2024 00:18:00 -0300 Message-ID: <20240402031800.7159-3-jamrial@gmail.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240402031800.7159-1-jamrial@gmail.com> References: <20240402031800.7159-1-jamrial@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 3/3] avformat/mov: fix the entry count overflow check in the keys atom X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: GPnHd/nnr7+h Signed-off-by: James Almer --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index a935ef7326..9fca402896 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5025,7 +5025,7 @@ static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom) avio_skip(pb, 4); count = avio_rb32(pb); atom.size -= 8; - if (count > UINT_MAX / sizeof(*c->meta_keys) - 1) { + if (count + 1LL > UINT_MAX / sizeof(*c->meta_keys)) { av_log(c->fc, AV_LOG_ERROR, "The 'keys' atom with the invalid key count: %"PRIu32"\n", count); return AVERROR_INVALIDDATA;