Bug 626609 – [qtdemux] segfault when parsing avc1 atom

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 626609 - [qtdemux] segfault when parsing avc1 atom


Summary:	[qtdemux] segfault when parsing avc1 atom


Status:	RESOLVED FIXED

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-good
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	0.10.25
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-08-11 09:19 UTC by Mark Nauwelaerts
Modified:	2010-08-11 11:08 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
qtdemux :prevent reading past avc1 atom when parsing (847 bytes, patch) 2010-08-11 09:20 UTC, Mark Nauwelaerts	committed	Details \| Review

Description Mark Nauwelaerts 2010-08-11 09:19:35 UTC

A large/invalid size of one of the extension atoms (e.g. avcC, btrt) could cause wrap-around and lead to parsing beyond avc1.

Comment 1 Mark Nauwelaerts 2010-08-11 09:20:46 UTC

Created attachment 167568 [details] [review]
qtdemux :prevent reading past avc1 atom when parsing

Comment 2 Tim-Philipp Müller 2010-08-11 10:52:51 UTC

Comment on attachment 167568 [details] [review]
qtdemux :prevent reading past avc1 atom when parsing

Guess that should go in..

Comment 3 Mark Nauwelaerts 2010-08-11 11:08:41 UTC

commit 8ea04c66b8826737824a7bb9cd5979921f238acc
Author: Mark Nauwelaerts <mark.nauwelaerts@collabora.co.uk>
Date:   Wed Aug 11 11:17:18 2010 +0200

    qtdemux: prevent reading past avc1 atom when parsing
    
    ... when one of the subatoms has a large/invalid size.
    
    Fixes #626609.