From adca877acb930faf1a5d686af93b9f657cebf1b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Ekstr=C3=B6m?= <jeebjp@gmail.com>
Date: Sat, 4 Feb 2023 21:21:10 +0200
Subject: [PATCH] avformat/mov: check that pcmC box is of the expected type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As per 23003-5:2020 this box is defined as
PCMConfig extends FullBox(‘pcmC’, version = 0, 0), which means
that version is 0 and flags should be zero.
---
 libavformat/mov.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 8af564ed61..cdd44a9e44 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1590,14 +1590,23 @@ static int mov_read_enda(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 static int mov_read_pcmc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 {
     int format_flags;
+    int version, flags;
 
     if (atom.size < 6) {
         av_log(c->fc, AV_LOG_ERROR, "Empty pcmC box\n");
         return AVERROR_INVALIDDATA;
     }
 
-    avio_r8(pb);    // version
-    avio_rb24(pb);  // flags
+    version = avio_r8(pb);
+    flags   = avio_rb24(pb);
+
+    if (version != 0 || flags != 0) {
+        av_log(c->fc, AV_LOG_ERROR,
+               "Unsupported 'pcmC' box with version %d, flags: %x",
+               version, flags);
+        return AVERROR_INVALIDDATA;
+    }
+
     format_flags = avio_r8(pb);
     if (format_flags == 1) // indicates little-endian format. If not present, big-endian format is used
         set_last_stream_little_endian(c->fc);