# HG changeset patch # User reimar # Date 1120986314 0 # Node ID 0ad9bf13b72b38e3ef8a181a5a393c0278482007 # Parent 8082c89f75c5ee886fc8029236a36eb5da8d4f83 Add missing range/length check for video trak desc (fixes bug #335). diff -r 8082c89f75c5 -r 0ad9bf13b72b libmpdemux/demux_mov.c --- a/libmpdemux/demux_mov.c Sun Jul 10 08:57:31 2005 +0000 +++ b/libmpdemux/demux_mov.c Sun Jul 10 09:05:14 2005 +0000 @@ -801,9 +801,16 @@ int hdr_ptr = 76; // the byte just after depth unsigned char *palette_map; sh_video_t* sh=new_sh_video(demuxer,priv->track_db); - int depth = trak->stdata[75]|(trak->stdata[74]<<8); + int depth; sh->format=trak->fourcc; + if (trak->stdata_len < 78) { + mp_msg(MSGT_DEMUXER, MSGL_WARN, + "MOV: Invalid (%d bytes instead of >= 78) video trak desc\n", + trak->stdata_len); + break; + } + depth = trak->stdata[75] | (trak->stdata[74] << 8); // stdata[]: // 8 short version // 10 short revision