Bug fix of a large amount memory allocation

author Jiyong <jiyong.min@samsung.com>

Fri, 16 Aug 2024 01:04:12 +0000 (10:04 +0900)

committer Jiyong <jiyong.min@samsung.com>

Fri, 16 Aug 2024 01:38:00 +0000 (10:38 +0900)
author Jiyong <jiyong.min@samsung.com>
Fri, 16 Aug 2024 01:04:12 +0000 (10:04 +0900)
committer Jiyong <jiyong.min@samsung.com>
Fri, 16 Aug 2024 01:38:00 +0000 (10:38 +0900)
diff --git a/libavformat/mov.c b/libavformat/mov.c

index ca67f03..288dd77 100644 (file)
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -4813,15 +4813,17 @@ static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom)
      for (i = 1; i <= count; ++i) {
          uint32_t key_size = avio_rb32(pb);
          uint32_t type = avio_rl32(pb);
-        if (key_size < 8) {
+        if (key_size < 8 || key_size > atom.size) {
              av_log(c->fc, AV_LOG_ERROR,
                     "The key# %"PRIu32" in meta has invalid size:"
                     "%"PRIu32"\n", i, key_size);
              return AVERROR_INVALIDDATA;
          }
+        atom.size -= key_size;
          key_size -= 8;
          if (type != MKTAG('m','d','t','a')) {
              avio_skip(pb, key_size);
+            continue;
          }
          c->meta_keys[i] = av_mallocz(key_size + 1);
          if (!c->meta_keys[i])
diff --git a/packaging/ffmpeg.spec b/packaging/ffmpeg.spec

index 48bc3ad..9c27b79 100644 (file)
--- a/packaging/ffmpeg.spec
+++ b/packaging/ffmpeg.spec
@@ -1,7 +1,7 @@
  Name:       ffmpeg
  Summary:    AV codec lib
  Version:    6.1
-Release:    2
+Release:    3
  Group:      Multimedia/Libraries
  URL:        https://ffmpeg.org/
  License:    LGPL-2.1+
author	Jiyong <jiyong.min@samsung.com>
	Fri, 16 Aug 2024 01:04:12 +0000 (10:04 +0900)
committer	Jiyong <jiyong.min@samsung.com>
	Fri, 16 Aug 2024 01:38:00 +0000 (10:38 +0900)
libavformat/mov.c		patch \| blob \| history
packaging/ffmpeg.spec		patch \| blob \| history