[FFmpeg-cvslog] avformat/mov: add more sanity checks when reading clap boxes
James Almer
git at videolan.org
Sun Jun 22 16:31:54 EEST 2025
ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Wed Jun 4 14:02:15 2025 -0300| [f789d60e115e3e2ef48d36c5fa43686a6cf3f9c8] | committer: James Almer
avformat/mov: add more sanity checks when reading clap boxes
If the apperture window is bigger than the canvas, then the clap box is invalid
and there's no point calculating cropping values.
Fixes: libavformat/mov.c:1295:14: runtime error: -256 is outside the range of representable values of type 'unsigned long'
Signed-off-by: James Almer <jamrial at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f789d60e115e3e2ef48d36c5fa43686a6cf3f9c8
---
libavformat/mov.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index a2a9c10f20..0f4a5cd9a3 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1277,6 +1277,11 @@ static int mov_read_clap(MOVContext *c, AVIOContext *pb, MOVAtom atom)
err = AVERROR_INVALIDDATA;
goto fail;
}
+ if ((av_cmp_q((AVRational) { width, 1 }, aperture_width) < 0) ||
+ (av_cmp_q((AVRational) { height, 1 }, aperture_height) < 0)) {
+ err = AVERROR_INVALIDDATA;
+ goto fail;
+ }
av_log(c->fc, AV_LOG_TRACE, "clap: apertureWidth %d/%d, apertureHeight %d/%d "
"horizOff %d/%d vertOff %d/%d\n",
aperture_width.num, aperture_width.den, aperture_height.num, aperture_height.den,
More information about the ffmpeg-cvslog
mailing list