eessppeelllloo/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-05-11 21:42:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

avformat/mov: check extradata in mov_read_dops()

Browse Source 
We do want to limit an attackers ability to change once parsed structures.
So once extradata (or another array) is finished and possibly has been used we do not
want to allow an attacker to change it.

This reduces the attack surface

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7c67748537)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2026-04-29 01:49:59 +02:00
parent e954e4632b
commit 082f6ddb5c
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libavformat/mov.c
+1 -1
View File
@@ -6845,7 +6845,7 @@ static int mov_read_dops(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
if ((uint64_t)atom.size > (1<<30) || atom.size < 11)
if ((uint64_t)atom.size > (1<<30) || atom.size < 11 || st->codecpar->extradata)
return AVERROR_INVALIDDATA;
/* Check OpusSpecificBox version. */