author | erankor <eran.kornblau@kaltura.com> | 2018-06-13 11:48:20 +0300 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2018-06-13 21:55:19 +0200 |
commit | ee09ffbfd2f744e796d6289523f396d830c025a3 (patch) | |
tree | dba445b227fb4ee2c75cb64a0dfa1551a8b0fb1c /tools/qt-faststart.c | |
parent | 2fc108f60f98cd00813418a8754a46476b404a3c (diff) | |
download | ffmpeg-ee09ffbfd2f744e796d6289523f396d830c025a3.tar.gz |
qt-faststart: add validation on ftyp atom size
avoid trying to allocate an unreasonably sized buffer on corrupt files
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'tools/qt-faststart.c')
-rw-r--r-- | tools/qt-faststart.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tools/qt-faststart.c b/tools/qt-faststart.c
index d0ae7245f3..9446c11f80 100644
--- a/tools/qt-faststart.c
+++ b/tools/qt-faststart.c
@@ -84,6 +84,7 @@
 #define ATOM_PREAMBLE_SIZE 8
 #define COPY_BUFFER_SIZE 33554432
+#define MAX_FTYP_ATOM_SIZE 1048576
 int main(int argc, char *argv[])
 {
@@ -133,6 +134,11 @@ int main(int argc, char *argv[])
 /* keep ftyp atom */
 if (atom_type == FTYP_ATOM) {
+ if (atom_size > MAX_FTYP_ATOM_SIZE) {
+ printf("ftyp atom size %"PRIu64" too big\n",
+ atom_size);
+ goto error_out;
+ }
 ftyp_atom_size = atom_size;
 free(ftyp_atom);
 ftyp_atom = malloc(ftyp_atom_size);
 |
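Review bot: `MAX_FTYP_ATOM_SIZE` is added without a comment saying what it limits or why 1048576 was chosen. Because it caps an allocation whose size comes from a field of the input file, a one-line comment would help later readers, for example `/* largest ftyp atom accepted from the input file; bounds the malloc() of the ftyp buffer (1 MiB) */`.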
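Review bot: The new guard in the `FTYP_ATOM` branch bounds `atom_size` only from above, so a corrupt file that declares an ftyp atom smaller than `ATOM_PREAMBLE_SIZE` (including 0) still reaches `malloc(ftyp_atom_size)`. Unless a lower-bound check exists earlier in `main`, which this hunk does not show, the condition could read `if (atom_size < ATOM_PREAMBLE_SIZE || atom_size > MAX_FTYP_ATOM_SIZE) {` with the message reworded to `"ftyp atom size %"PRIu64" out of range\n"`. The rest of the branch, including how the allocated buffer is filled, lies outside the hunk.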