ffmpeg | branch: master | James Almer <jamr...@gmail.com> | Wed Jun 4 14:02:15 2025 -0300| [f789d60e115e3e2ef48d36c5fa43686a6cf3f9c8] | committer: James Almer
avformat/mov: add more sanity checks when reading clap boxes If the apperture window is bigger than the canvas, then the clap box is invalid and there's no point calculating cropping values. Fixes: libavformat/mov.c:1295:14: runtime error: -256 is outside the range of representable values of type 'unsigned long' Signed-off-by: James Almer <jamr...@gmail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f789d60e115e3e2ef48d36c5fa43686a6cf3f9c8 --- libavformat/mov.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index a2a9c10f20..0f4a5cd9a3 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1277,6 +1277,11 @@ static int mov_read_clap(MOVContext *c, AVIOContext *pb, MOVAtom atom) err = AVERROR_INVALIDDATA; goto fail; } + if ((av_cmp_q((AVRational) { width, 1 }, aperture_width) < 0) || + (av_cmp_q((AVRational) { height, 1 }, aperture_height) < 0)) { + err = AVERROR_INVALIDDATA; + goto fail; + } av_log(c->fc, AV_LOG_TRACE, "clap: apertureWidth %d/%d, apertureHeight %d/%d " "horizOff %d/%d vertOff %d/%d\n", aperture_width.num, aperture_width.den, aperture_height.num, aperture_height.den, _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
