[FFmpeg-devel] [PATCH] avformat/mov: use an array of pointers for heif_item
James Almer
jamrial at gmail.com
Sun Nov 10 16:46:25 EET 2024
On 11/8/2024 8:45 PM, James Almer wrote:
> Pointers to specific entries in the array are stored in other structs, so
> in the scenario where heif_item was reallocated when parsing an iloc box after
> and iinf one, the pointers may end up referencing freed memory.
>
> Fixes use-after-free with such samples.
>
> Signed-off-by: James Almer <jamrial at gmail.com>
> ---
> libavformat/isom.h | 2 +-
> libavformat/mov.c | 75 ++++++++++++++++++++++++++++++----------------
> 2 files changed, 51 insertions(+), 26 deletions(-)
Will apply.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20241110/12ff38e8/attachment.sig>
More information about the ffmpeg-devel
mailing list