From: Aaron Colwell <acolw...@google.com> Signed-off-by: James Almer <jamr...@gmail.com> --- Updated to the right chunks. Vittorio
libavformat/mov.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 11bcff0..6d1b2b2 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -3246,7 +3246,7 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom) } size = avio_rb32(pb); - if (size > atom.size) + if (size <= 12 || size > atom.size) return AVERROR_INVALIDDATA; tag = avio_rl32(pb); @@ -3255,7 +3255,7 @@ static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom) return 0; } avio_skip(pb, 4); /* version + flags */ - avio_skip(pb, avio_r8(pb)); /* metadata_source */ + avio_skip(pb, size - 12); /* metadata_source */ size = avio_rb32(pb); if (size > atom.size) -- 2.10.0 _______________________________________________ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel