[FFmpeg-cvslog] lavf/mov: Do not overread iTunes metadata.

Sat Apr 4 20:58:15 CEST 2015

ffmpeg | branch: master | Carl Eugen Hoyos <cehoyos at ag.or.at> | Sat Apr  4 17:35:06 2015 +0200| [072198166e9a333662042deef066fe41b3ad8070] | committer: Carl Eugen Hoyos

lavf/mov: Do not overread iTunes metadata.

Fixes ticket #4425.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=072198166e9a333662042deef066fe41b3ad8070
---

 libavformat/mov.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index dc31e5a..c63e817 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -342,7 +342,7 @@ retry:
     if (c->itunes_metadata && atom.size > 8) {
         int data_size = avio_rb32(pb);
         int tag = avio_rl32(pb);
-        if (tag == MKTAG('d','a','t','a')) {
+        if (tag == MKTAG('d','a','t','a') && data_size <= atom.size) {
             data_type = avio_rb32(pb); // type
             avio_rb32(pb); // unknown
             str_size = data_size - 16;

