PR #22954 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22954 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22954.patch
We do want to limit an attackers ability to change once parsed structures. So once extradata (or another array) is finished and possibly has been used we do not want to allow an attacker to change it. This reduces the attack surface Signed-off-by: Michael Niedermayer <[email protected]> >From 413d0adcf3d43d52c037f76000163aa70d4c5d6c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Wed, 29 Apr 2026 01:49:59 +0200 Subject: [PATCH] avformat/mov: check extradata in mov_read_dops() We do want to limit an attackers ability to change once parsed structures. So once extradata (or another array) is finished and possibly has been used we do not want to allow an attacker to change it. This reduces the attack surface Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 187558e19b..f376c82a94 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -8573,7 +8573,7 @@ static int mov_read_dops(MOVContext *c, AVIOContext *pb, MOVAtom atom) return 0; st = c->fc->streams[c->fc->nb_streams-1]; - if ((uint64_t)atom.size > (1<<30) || atom.size < 11) + if ((uint64_t)atom.size > (1<<30) || atom.size < 11 || st->codecpar->extradata) return AVERROR_INVALIDDATA; /* Check OpusSpecificBox version. */ -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
