[FFmpeg-devel] [PATCH] avformat/mov: add more sanity checks when reading clap boxes
James Almer
jamrial at gmail.com
Wed Jun 4 20:02:15 EEST 2025
If the apperture window is bigger than the canvas, then the clap box is invalid
and there's no point calculating cropping values.
Fixes: libavformat/mov.c:1295:14: runtime error: -256 is outside the range of representable values of type 'unsigned long'
Signed-off-by: James Almer <jamrial at gmail.com>
---
libavformat/mov.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 8a094b1ea0..1890fcb280 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1277,6 +1277,11 @@ static int mov_read_clap(MOVContext *c, AVIOContext *pb, MOVAtom atom)
err = AVERROR_INVALIDDATA;
goto fail;
}
+ if ((av_cmp_q((AVRational) { width, 1 }, aperture_width) < 0) ||
+ (av_cmp_q((AVRational) { height, 1 }, aperture_height) < 0)) {
+ err = AVERROR_INVALIDDATA;
+ goto fail;
+ }
av_log(c->fc, AV_LOG_TRACE, "clap: apertureWidth %d/%d, apertureHeight %d/%d "
"horizOff %d/%d vertOff %d/%d\n",
aperture_width.num, aperture_width.den, aperture_height.num, aperture_height.den,
--
2.49.0
More information about the ffmpeg-devel
mailing list