[FFmpeg-cvslog] qt-faststart: Check offset_count
Michael Niedermayer
git at videolan.org
Thu Dec 13 15:27:43 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Dec 13 15:07:20 2012 +0100| [0ea4742341726ebe42c301bc0d6426cfa01dd134] | committer: Michael Niedermayer
qt-faststart: Check offset_count
Fixes CID733836
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ea4742341726ebe42c301bc0d6426cfa01dd134
---
tools/qt-faststart.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tools/qt-faststart.c b/tools/qt-faststart.c
index ecf163a..c9aa6e8 100644
--- a/tools/qt-faststart.c
+++ b/tools/qt-faststart.c
@@ -235,6 +235,10 @@ int main(int argc, char *argv[])
goto error_out;
}
offset_count = BE_32(&moov_atom[i + 8]);
+ if (i + 12LL + offset_count * 4LL > moov_atom_size) {
+ printf(" bad atom size\n");
+ goto error_out;
+ }
for (j = 0; j < offset_count; j++) {
current_offset = BE_32(&moov_atom[i + 12 + j * 4]);
current_offset += moov_atom_size;
@@ -252,6 +256,10 @@ int main(int argc, char *argv[])
goto error_out;
}
offset_count = BE_32(&moov_atom[i + 8]);
+ if (i + 12LL + offset_count * 8LL > moov_atom_size) {
+ printf(" bad atom size\n");
+ goto error_out;
+ }
for (j = 0; j < offset_count; j++) {
current_offset = BE_64(&moov_atom[i + 12 + j * 8]);
current_offset += moov_atom_size;
More information about the ffmpeg-cvslog
mailing list