mov: log and return early on non-positive stsd entry counts
authorSean McGovern <gseanmcg@gmail.com>
Fri, 28 Jul 2017 20:17:33 +0000 (16:17 -0400)
committerSean McGovern <gseanmcg@gmail.com>
Sun, 30 Jul 2017 14:51:12 +0000 (10:51 -0400)
Based on an FFmpeg patch by Michael Niedermayer <michael@niedermayer.cc>

libavformat/mov.c

index bf68fbd..8ff6022 100644 (file)
@@ -1875,6 +1875,11 @@ static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     avio_rb24(pb); /* flags */
     entries = avio_rb32(pb);
 
+    if (entries <= 0) {
+        av_log(c->fc, AV_LOG_ERROR, "invalid STSD entries %d\n", entries);
+        return AVERROR_INVALIDDATA;
+    }
+
     if (sc->extradata) {
         av_log(c->fc, AV_LOG_ERROR,
                "Duplicate stsd found in this track.\n");