qt-faststart: Check offset_count

Fixes CID733836 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

qt-faststart: Check offset_count
Fixes CID733836 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
0ea47423 · Michael Niedermayer · eee8c94f · 0ea47423
Commit 0ea47423 authored Dec 13, 2012 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

qt-faststart.c tools/qt-faststart.c +8 -0

No files found.
--- a/tools/qt-faststart.c
+++ b/tools/qt-faststart.c
@@ -235,6 +235,10 @@ int main(int argc, char *argv[])
                goto error_out;
            }
            offset_count = BE_32(&moov_atom[i + 8]);
+            if (i + 12LL + offset_count * 4LL > moov_atom_size) {
+                printf(" bad atom size\n");
+                goto error_out;
+            }
            for (j = 0; j < offset_count; j++) {
                current_offset  = BE_32(&moov_atom[i + 12 + j * 4]);
                current_offset += moov_atom_size;
@@ -252,6 +256,10 @@ int main(int argc, char *argv[])
                goto error_out;
            }
            offset_count = BE_32(&moov_atom[i + 8]);
+            if (i + 12LL + offset_count * 8LL > moov_atom_size) {
+                printf(" bad atom size\n");
+                goto error_out;
+            }
            for (j = 0; j < offset_count; j++) {
                current_offset  = BE_64(&moov_atom[i + 12 + j * 8]);
                current_offset += moov_atom_size;