This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/6.1 in repository ffmpeg.
commit c53f3406f32a62bb652d750a68f12de36127edd2 Author: Michael Niedermayer <[email protected]> AuthorDate: Tue Feb 24 03:47:15 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 17:13:25 2026 +0200 avformat/mov: use 64bit in CENC subsample bounds checks Found-by: Quang Luong <[email protected]> Found-by: PrymEvol Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit e392fb8c9c3949d975531d2b23c645d2465a7ebc) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/mov.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index bad496c887..7dffa34bd8 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -7179,7 +7179,7 @@ static int cenc_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption } for (i = 0; i < sample->subsample_count; i++) { - if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) { + if (sample->subsamples[i].bytes_of_clear_data + (int64_t)sample->subsamples[i].bytes_of_protected_data > size) { av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n"); return AVERROR_INVALIDDATA; } @@ -7234,7 +7234,7 @@ static int cbc1_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption } for (i = 0; i < sample->subsample_count; i++) { - if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) { + if (sample->subsamples[i].bytes_of_clear_data + (int64_t)sample->subsamples[i].bytes_of_protected_data > size) { av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n"); return AVERROR_INVALIDDATA; } @@ -7296,7 +7296,7 @@ static int cens_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption } for (i = 0; i < sample->subsample_count; i++) { - if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) { + if (sample->subsamples[i].bytes_of_clear_data + (int64_t)sample->subsamples[i].bytes_of_protected_data > size) { av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n"); return AVERROR_INVALIDDATA; } @@ -7361,7 +7361,7 @@ static int cbcs_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption } for (i = 0; i < sample->subsample_count; i++) { - if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) { + if (sample->subsamples[i].bytes_of_clear_data + (int64_t)sample->subsamples[i].bytes_of_protected_data > size) { av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n"); return AVERROR_INVALIDDATA; } _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
