Skip to content

Commit

Permalink
Boundary checks in Ap4ContainerAtom
Browse files Browse the repository at this point in the history 
The lack of boundary checks in Ap4ContainerAtom leads to an underflow
in size which then leads to existing validation checks to fail and hence allow
large malloc.
  • Loading branch information
@roticv
roticv committed Mar 28, 2024
1 parent 8806fe2 commit b977973
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions Source/C++/Core/Ap4ContainerAtom.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,7 @@ AP4_ContainerAtom::AP4_ContainerAtom(Type type,
AP4_AtomFactory& atom_factory) :
AP4_Atom(type, size, force_64)
{
if (size < GetHeaderSize()) return;
ReadChildren(atom_factory, stream, size-GetHeaderSize());
}

Expand All @@ -151,6 +152,7 @@ AP4_ContainerAtom::AP4_ContainerAtom(Type type,
AP4_AtomFactory& atom_factory) :
AP4_Atom(type, size, force_64, version, flags)
{
if (size < GetHeaderSize()) return;
ReadChildren(atom_factory, stream, size-GetHeaderSize());
}

Expand Down

0 comments on commit b977973

Please sign in to comment.