This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/6.1 in repository ffmpeg.
commit 0dd168e8fdda5f45fb378a1ec518f0c686d118ff Author: Michael Niedermayer <[email protected]> AuthorDate: Wed Apr 29 01:49:59 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 17:13:35 2026 +0200 avformat/mov: check extradata in mov_read_dops() We do want to limit an attacker's ability to change once parsed structures. So once extradata (or another array) is finished and possibly has been used we do not want to allow an attacker to change it. This reduces the attack surface. Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 7c67748537d984d607b923aab6959bc85835c769) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 1e03144fb0..82fd75e8cf 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -7523,7 +7523,7 @@ static int mov_read_dops(MOVContext *c, AVIOContext *pb, MOVAtom atom) return 0; st = c->fc->streams[c->fc->nb_streams-1]; - if ((uint64_t)atom.size > (1<<30) || atom.size < 11) + if ((uint64_t)atom.size > (1<<30) || atom.size < 11 || st->codecpar->extradata) return AVERROR_INVALIDDATA; /* Check OpusSpecificBox version. */
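Review bot: the new `st->codecpar->extradata` test on the `atom.size` line folds a state check into a size-sanity check and fails silently, so a file that reaches mov_read_dops() with extradata already set on the last stream is rejected with AVERROR_INVALIDDATA and nothing tells the user or a triager which of the three conditions fired. Consider moving it into its own `if` with a one-line comment stating the intent from the commit message (extradata is not replaced once it has been set and possibly used) and a log message. It is also worth confirming that a hard error is the intended outcome rather than skipping the atom the way the `return 0;` just above this check does, since this is a backport to a release branch and inputs that previously parsed will now fail.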
