diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2012-12-13 15:07:20 +0100 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2012-12-13 15:07:20 +0100 |
commit | 0ea4742341726ebe42c301bc0d6426cfa01dd134 (patch) | |
tree | e5c217f55402b1fe23f603112e9cadfc136b4804 /tools/qt-faststart.c | |
parent | eee8c94f50bfcd93c1f761b4e6b55bec3815616d (diff) | |
download | ffmpeg-0ea4742341726ebe42c301bc0d6426cfa01dd134.tar.gz |
qt-faststart: Check offset_count
Fixes CID733836
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'tools/qt-faststart.c')
-rw-r--r-- | tools/qt-faststart.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/tools/qt-faststart.c b/tools/qt-faststart.c index ecf163a947..c9aa6e8287 100644 --- a/tools/qt-faststart.c +++ b/tools/qt-faststart.c @@ -235,6 +235,10 @@ int main(int argc, char *argv[]) goto error_out; } offset_count = BE_32(&moov_atom[i + 8]); + if (i + 12LL + offset_count * 4LL > moov_atom_size) { + printf(" bad atom size\n"); + goto error_out; + } for (j = 0; j < offset_count; j++) { current_offset = BE_32(&moov_atom[i + 12 + j * 4]); current_offset += moov_atom_size; @@ -252,6 +256,10 @@ int main(int argc, char *argv[]) goto error_out; } offset_count = BE_32(&moov_atom[i + 8]); + if (i + 12LL + offset_count * 8LL > moov_atom_size) { + printf(" bad atom size\n"); + goto error_out; + } for (j = 0; j < offset_count; j++) { current_offset = BE_64(&moov_atom[i + 12 + j * 8]); current_offset += moov_atom_size; |