diff options
| author | Carl Eugen Hoyos <cehoyos@ag.or.at> | 2015-04-04 17:35:06 +0200 |
|---|---|---|
| committer | Carl Eugen Hoyos <cehoyos@ag.or.at> | 2015-04-04 17:35:06 +0200 |
| commit | 072198166e9a333662042deef066fe41b3ad8070 (patch) | |
| tree | eb9980bce7812e284b283c563521eb18eec09f06 | |
| parent | 4b030025278ac4adc3616510f36de4c7a113c5fb (diff) | |
| download | ffmpeg-072198166e9a333662042deef066fe41b3ad8070.tar.gz | |
lavf/mov: Do not overread iTunes metadata.
Fixes ticket #4425.
| -rw-r--r-- | libavformat/mov.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c index dc31e5a6f7..c63e817276 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -342,7 +342,7 @@ retry: if (c->itunes_metadata && atom.size > 8) { int data_size = avio_rb32(pb); int tag = avio_rl32(pb); - if (tag == MKTAG('d','a','t','a')) { + if (tag == MKTAG('d','a','t','a') && data_size <= atom.size) { data_type = avio_rb32(pb); // type avio_rb32(pb); // unknown str_size = data_size - 16; |