This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/7.1 in repository ffmpeg.
commit 78c944bdb170d8dcece166115d92b45379b040f4 Author: Michael Niedermayer <[email protected]> AuthorDate: Tue Feb 24 03:47:15 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 15:57:15 2026 +0200 avformat/mov: use 64bit in CENC subsample bounds checks Found-by: Quang Luong <[email protected]> Found-by: PrymEvol Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit e392fb8c9c3949d975531d2b23c645d2465a7ebc) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/mov.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 36607253dd..3bd1b90d4e 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -7906,7 +7906,7 @@ static int cenc_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption } for (i = 0; i < sample->subsample_count; i++) { - if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) { + if (sample->subsamples[i].bytes_of_clear_data + (int64_t)sample->subsamples[i].bytes_of_protected_data > size) { av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n"); return AVERROR_INVALIDDATA; } @@ -7961,7 +7961,7 @@ static int cbc1_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption } for (i = 0; i < sample->subsample_count; i++) { - if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) { + if (sample->subsamples[i].bytes_of_clear_data + (int64_t)sample->subsamples[i].bytes_of_protected_data > size) { av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n"); return AVERROR_INVALIDDATA; } @@ -8023,7 +8023,7 @@ static int cens_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption } for (i = 0; i < sample->subsample_count; i++) { - if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) { + if (sample->subsamples[i].bytes_of_clear_data + (int64_t)sample->subsamples[i].bytes_of_protected_data > size) { av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n"); return AVERROR_INVALIDDATA; } @@ -8088,7 +8088,7 @@ static int cbcs_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption } for (i = 0; i < sample->subsample_count; i++) { - if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) { + if (sample->subsamples[i].bytes_of_clear_data + (int64_t)sample->subsamples[i].bytes_of_protected_data > size) { av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n"); return AVERROR_INVALIDDATA; } _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
