From 082f6ddb5c19a62845ffd74a79f1d30e73d5926e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 29 Apr 2026 01:49:59 +0200
Subject: [PATCH] avformat/mov: check extradata in mov_read_dops()

We do want to limit an attackers ability to change once parsed structures. So once extradata (or another array) is finished and possibly has been used we do not want to allow an attacker to change it. This reduces the attack surface

Signed-off-by: Michael Niedermayer
(cherry picked from commit 7c67748537d984d607b923aab6959bc85835c769)
Signed-off-by: Michael Niedermayer
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index e224d44e1a..cae162490d 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -6845,7 +6845,7 @@ static int mov_read_dops(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 return 0;
 st = c->fc->streams[c->fc->nb_streams-1];
- if ((uint64_t)atom.size > (1<<30) || atom.size < 11)
+ if ((uint64_t)atom.size > (1<<30) || atom.size < 11 || st->codecpar->extradata)
 return AVERROR_INVALIDDATA;
 /* Check OpusSpecificBox version. */
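Review bot: The new `st->codecpar->extradata` test is folded into the atom-size condition of mov_read_dops() with no comment or log, so a file rejected for carrying a second dOps (or a dOps after any other atom that already filled extradata) fails with the same bare AVERROR_INVALIDDATA as a bad size. I would split it into its own check and say why, e.g. `/* extradata already set: a later atom must not replace data that may have been used */` above `if (st->codecpar->extradata) return AVERROR_INVALIDDATA;`, ideally with an `av_log(c->fc, AV_LOG_ERROR, ...)` line naming the duplicate so the rejection is diagnosable. It is also worth confirming that a hard error, rather than skipping the repeated atom with `return 0`, is the intended policy, since files that previously demuxed with a repeated dOps will presumably now fail; how the caller treats this return value is outside the hunk. The rest of the function, including where extradata is allocated and filled, is not visible here.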