MP4: Fix panic on invalid hdlr atom size
Serial-ATA committed Jul 23, 2024
1 parent 15e893e commit 5956023
Showing 4 changed files with 15 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -30,6 +30,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Fix panic when reading properties of a file with no timescale specified ([issue](https://github.com/Serial-ATA/lofty-rs/issues/418))
- Fix panics when reading improperly sized freeform atom identifiers ([issue](https://github.com/Serial-ATA/lofty-rs/issues/425)) ([issue](https://github.com/Serial-ATA/lofty-rs/issues/426))
- Fix panic when `data` atom length is less than 16 bytes ([issue](https://github.com/Serial-ATA/lofty-rs/issues/429))
- Fix panic when `hdlr` atom is an unexpected length ([issue](https://github.com/Serial-ATA/lofty-rs/issues/435))
- **WAV**:
- Fix panic when reading properties with large written bytes per second ([issue](https://github.com/Serial-ATA/lofty-rs/issues/420))
- Fix panic when reading an improperly sized INFO LIST ([issue](https://github.com/Serial-ATA/lofty-rs/issues/427))
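
Review bot: The new `hdlr` entry says the atom is "an unexpected length", while the check added in lofty/src/mp4/properties.rs only rejects `atom.len < 20`. Wording it like the `data` entry directly above it, for example "length is less than 20 bytes", would state exactly which case is now handled.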
6 changes: 6 additions & 0 deletions lofty/src/mp4/properties.rs
Expand Up @@ -244,6 +244,12 @@ where
mdhd = Some(atom)
},
b"hdlr" => {
if atom.len < 20 {
log::warn!("Incomplete 'hdlr' atom, skipping");
skip_unneeded(reader, atom.extended, atom.len)?;
continue;
}

// The hdlr atom is followed by 8 zeros
reader.seek(SeekFrom::Current(8))?;
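
Review bot: The threshold in `if atom.len < 20` is a bare number with no indication of how it is derived; the only size visible in this hunk is the 8-byte seek that follows. A named constant, or a comment spelling out which fields add up to 20, would make the bound auditable. Since `atom.extended` is passed to `skip_unneeded`, it is also worth confirming that the same minimum holds for extended-size atoms.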

Binary file not shown.
8 changes: 8 additions & 0 deletions lofty/tests/fuzz/mp4file_read_from.rs
Expand Up @@ -31,3 +31,11 @@ fn panic3() {
);
let _ = Mp4File::read_from(&mut reader, ParseOptions::new());
}

#[test]
fn panic4() {
let mut reader = crate::get_reader(
"mp4file_read_from/steam_at_mention_IDX_83_RAND_107070306175668418039559.m4a",
);
let _ = Mp4File::read_from(&mut reader, ParseOptions::new());
}
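
Review bot: `panic4` and the fuzz file name say nothing about what the case covers, and `let _ =` discards the result, so the test only asserts that reading does not panic. A one-line comment above `fn panic4()` naming the short `hdlr` atom and linking the issue from the CHANGELOG entry would make a future regression easier to triage.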
