[FFmpeg-devel] [PATCH 1/2] qt-faststart - stricter input validations
Michael Niedermayer
michael at niedermayer.cc
Wed May 30 02:39:44 EEST 2018
On Tue, May 29, 2018 at 02:35:23PM +0000, Eran Kornblau wrote:
> Hi,
>
> The attached patch fixes a couple of input validation issues in fast start that I noticed while going over the code
>
> Thanks
>
> Eran
> qt-faststart.c | 13 +++++++++----
> 1 file changed, 9 insertions(+), 4 deletions(-)
> 1dad4dfcdd67328ed163440550917a3f8fdcb40d 0001-qt-faststart-stricter-input-validations.patch
> From 26ef40268fce426eea608400f81cf2e4d413fca5 Mon Sep 17 00:00:00 2001
> From: erankor <eran.kornblau at kaltura.com>
> Date: Tue, 29 May 2018 16:18:05 +0300
> Subject: [PATCH 1/2] qt-faststart - stricter input validations
>
> 1. validate the moov size before checking for cmov atom
> 2. avoid performing arithmetic operations on unvalidated numbers
> 3. verify the stco/co64 offset count does not overflow the stco/co64
> atom (not only the moov atom)
> ---
> tools/qt-faststart.c | 13 +++++++++----
> 1 file changed, 9 insertions(+), 4 deletions(-)
will apply
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20180530/a991825c/attachment.sig>
More information about the ffmpeg-devel
mailing list