fix: add stsc size check to avoid excessive allocation for erronous i…

…nput values.
Eyevinn · Jan 15, 2025 · 02a6189 · 02a6189
1 parent d252d88
commit 02a6189
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/mp4/stsc.go b/mp4/stsc.go
@@ -49,8 +49,12 @@ func DecodeStscSR(hdr BoxHeader, startPos uint64, sr bits.SliceReader) (Box, err
 	b := StscBox{
 		Version: byte(versionAndFlags >> 24),
 		Flags:   versionAndFlags & flagsMask,
-		Entries: make([]StscEntry, entryCount),
 	}
+	if hdr.Size != b.expectedSize(int(entryCount)) {
+		return nil, fmt.Errorf("invalid stsc box size")
+	}
+
+	b.Entries = make([]StscEntry, entryCount)
 
 	var accSampleNr uint32 = 1
 
@@ -88,7 +92,11 @@ func (b *StscBox) Type() string {
 
 // Size - box-specific size
 func (b *StscBox) Size() uint64 {
-	return uint64(boxHeaderSize + 8 + len(b.Entries)*12)
+	return b.expectedSize(len(b.Entries))
+}
+
+func (b *StscBox) expectedSize(nrEntries int) uint64 {
+	return uint64(boxHeaderSize + 8 + nrEntries*12)
 }
 
 // Encode - write box to w

diff --git a/mp4/stsc_test.go b/mp4/stsc_test.go
@@ -1,6 +1,7 @@
 package mp4
 
 import (
+	"bytes"
 	"testing"
 
 	"github.com/go-test/deep"
@@ -179,3 +180,13 @@ func TestStscSampleDescriptionID(t *testing.T) {
 	_ = box.AddEntry(3, 128, 2)
 	boxDiffAfterEncodeAndDecode(t, &box)
 }
+
+func TestBadSizeStsc(t *testing.T) {
+	// raw stsc box with size 16, but with one entry, so its size should be 28ß
+	raw := []byte{0x00, 0x00, 0x00, 0x10, 's', 't', 's', 'c', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}
+	buf := bytes.NewBuffer(raw)
+	_, err := DecodeBox(0, buf)
+	if err == nil {
+		t.Error("expected invalid size error")
+	}
+}