Don't subtract overflow when 64-bit box size is less than 8 #89
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
It also seems that a |
jessa0
force-pushed
the
jessa0/box-size-overflow
branch
from
0483069 to
76987c9
Compare
|
Looks good. Thank you!
|
jprochazk
pushed a commit
to jprochazk/mp4
that referenced
this pull request
Sep 18, 2024
* don't subtract overflow when 64-bit box size is less than 8 * fix largesize of 8 being conflated with a size of 0
CandleCandle
pushed a commit
to CandleCandle/mp4-rust
that referenced
this pull request
May 7, 2025
* don't subtract overflow when 64-bit box size is less than 8 * fix largesize of 8 being conflated with a size of 0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The subtraction overflow will cause a panic when overflow panics are enabled. It seems more robust to return an error instead. The 64-bit box size can only be this small in malformed files, but I'm working on a project to parse and sanitize untrusted MP4 using this library, and hopefully panics can be reserved for code bugs rather than malformed input.