[FFmpeg-devel] [PATCH] mov: Fix spherical metadata_source parsing.
James Almer
jamrial at gmail.com
Sat Jan 28 03:53:37 EET 2017
On 1/27/2017 2:44 PM, Aaron Colwell wrote:
> The metadata_source field is a null-terminated string, like other ISOBMFF
> strings, not an 8-bit length followed by string characters. This patch
> fixes the parsing code so it rejects svhd boxes that are too small and
> skips to the end of the svhd box since we don't actually care about the
> contents of the
> metadata_source field.
>
>
> 0001-mov-Fix-spherical-metadata_source-parsing.patch
>
>
> From f63f65135e7059376acff3acc0e5268a8861d21d Mon Sep 17 00:00:00 2001
> From: Aaron Colwell <acolwell at google.com>
> Date: Fri, 27 Jan 2017 09:33:29 -0800
> Subject: [PATCH] mov: Fix spherical metadata_source parsing.
>
> The metadata_source field is a null-terminated string, like other ISOBMFF strings,
> not an 8-bit length followed by string characters. This patch fixes the parsing
> code so it rejects svhd boxes that are too small and skips to the end of the svhd
> box since we don't actually care about the contents of the
> metadata_source field.
> ---
> libavformat/mov.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index 7dc550eb99..b1bfa0a35f 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -4566,7 +4566,7 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> }
>
> size = avio_rb32(pb);
> - if (size > atom.size)
> + if (size <= 12 || size > atom.size)
> return AVERROR_INVALIDDATA;
>
> tag = avio_rl32(pb);
> @@ -4575,7 +4575,7 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> return 0;
> }
> avio_skip(pb, 4); /* version + flags */
> - avio_skip(pb, avio_r8(pb)); /* metadata_source */
> + avio_skip(pb, size - 12); /* metadata_source */
>
> size = avio_rb32(pb);
> if (size > atom.size)
> -- 2.11.0.483.g087da7b7c-goog
Pushed, thanks.
More information about the ffmpeg-devel
mailing list