From 3ed084f04c7d3baf1777f5c93927f76cd0f28319 Mon Sep 17 00:00:00 2001
From: Victor Loh
Date: Wed, 20 Mar 2024 23:27:36 +0000
Subject: [PATCH] Add boundary checks to Ap4IproAtom

Fuzzer caught another large malloc. This is caused by lack of boundary check resulting in the next atom (children atom) to artificially large "size" due to the underflow in bytes_available.
---
 Source/C++/Core/Ap4IproAtom.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Source/C++/Core/Ap4IproAtom.cpp b/Source/C++/Core/Ap4IproAtom.cpp
index 41c7429e8..6d4bae5ae 100644
--- a/Source/C++/Core/Ap4IproAtom.cpp
+++ b/Source/C++/Core/Ap4IproAtom.cpp
@@ -62,6 +62,10 @@ AP4_IproAtom::AP4_IproAtom(AP4_UI32 size,
 AP4_AtomFactory& atom_factory) :
 AP4_ContainerAtom(AP4_ATOM_TYPE_IPRO, size, false, version, flags)
 {
+ if (size < AP4_FULL_ATOM_HEADER_SIZE + 2) {
+ return;
+ }
+
 // read the number of entries
 AP4_UI16 entry_count;
 stream.ReadUI16(entry_count);
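Review bot: The `+ 2` in the new guard is a magic number tied to the `AP4_UI16 entry_count` read three lines below, with nothing linking the two; a comment such as `// atom must hold the full-atom header plus the 2-byte entry_count field` would keep them in sync. The guard also checks only the declared atom size, while `stream.ReadUI16(entry_count)` still discards its result and `entry_count` is declared without an initializer, so a stream shorter than `size` leaves an indeterminate count for whatever the constructor does next. Initialising `AP4_UI16 entry_count = 0;` and bailing out on a failed read, `if (AP4_FAILED(stream.ReadUI16(entry_count))) return;`, would close that path in the same spirit as the new size check. The early return silently yields an empty container for a truncated atom; if that is the intended recovery behaviour rather than an error, a one-line comment saying so would help the next reader. The constructor body continues beyond the end of the hunk.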