From: Burkhard P. <bur...@ig...> - 2017-06-23 13:42:44
Hi, thanks for the report. I committed a trivial fix, which can easily be backported to older versions also. It belongs to the end of the function quicktime_atom_read_header(). Index: src/atom.c =================================================================== RCS file: /cvsroot/libquicktime/libquicktime/src/atom.c,v retrieving revision 1.24 diff -r1.24 atom.c 133a134,136 > /* Avoid broken files */ > if(atom->end > file->total_length) > result = 1; It fixes allocation-failed-in_quicktime_read_ftyp and allocation-failed-in_quicktime_read_info. The patch doesn't hurt in any case, but there might still be files, which make lqt crash. I'll look for the other reported problems (CVE-2017-9122 - CVE-2017-9128) ASAP. Burkhard |
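Review bot: the check added at 133a134,136 bounds atom->end only from above, so an atom whose size field leaves atom->end at or before the position where the atom began still passes with result unchanged. Consider adding a lower-bound test next to it, assuming the atom's start offset is available at that point in quicktime_atom_read_header(). It is also worth confirming that file->total_length is always populated before this runs, because with a zero or unset length the comparison would reject every atom. The comment "Avoid broken files" would be more useful if it stated the condition, for example that the atom extends past the end of the file.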