[PR #1566] [MERGED] **[FIX]** fix infinite loop in MP4 file type detector and processor

## 📋 Pull Request Information **Original PR:** https://github.com/CCExtractor/ccextractor/pull/1566 **Author:** [@xopok](https://github.com/xopok) **Created:** 9/4/2023 **Status:** ✅ Merged **Merged:** 1/8/2024 **Merged by:** [@canihavesomecoffee](https://github.com/canihavesomecoffee) **Base:** `master` ← **Head:** `patch-1` --- ### 📝 Commits (7) - [`a926398`](https://github.com/CCExtractor/ccextractor/commit/a926398decda3343b8284a99c3a382155d730b7e) Update stream_functions.c: fix MP4 file type detector - [`6d017b5`](https://github.com/CCExtractor/ccextractor/commit/6d017b5647c39c9d4a29b68cd8a40ff9e3742750) Update CHANGES.TXT - [`323f803`](https://github.com/CCExtractor/ccextractor/commit/323f8038c685019264edf719d58ea96b584f622d) Treat a candidate MP4 box as invalid instead of bailing out - [`c9c2b1e`](https://github.com/CCExtractor/ccextractor/commit/c9c2b1ec74001c4c0e515a410b92c36fcf8612d6) Fix stuck mp4 processing in `process_avc_sample` - [`bd1be6d`](https://github.com/CCExtractor/ccextractor/commit/bd1be6d71593477a18b6e13dc4a8035b8ea2726a) Fix the stats code to not count zero-sized NALs and avoid dereferencing memory past the NAL end - [`0650312`](https://github.com/CCExtractor/ccextractor/commit/0650312bf6d38073af3e6281a4563e11e2119283) Add comment. - [`0452006`](https://github.com/CCExtractor/ccextractor/commit/04520067d55d76f47c0b8d2135446079e5497da2) Format changes ### 📊 Changes **3 files changed** (+27 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `docs/CHANGES.TXT` (+1 -0) 📝 `src/lib_ccx/mp4.c` (+25 -2) 📝 `src/lib_ccx/stream_functions.c` (+1 -1) </details> ### 📄 Description On bad inputs containing e.g. the following sequence of bytes within the first 1MiB "ff ff ff ff 6d 65 74 61" `detect_stream_type` was executing an infinite loop because "ff ff ff ff" was interpreted as a length of the candidate "meta" MP4 box, caused the size_t overflow inside `isValidMP4Box` which pointed `nextBoxLocation` to the previous byte and the execution flow processed the same "meta" again.  **In raising this pull request, I confirm the following (please check boxes):** - [x] I have read and understood the [contributors guide](https://github.com/CCExtractor/ccextractor/blob/master/.github/CONTRIBUTING.md). - [x] I have checked that another pull request for this purpose does not exist. - [x] I have considered, and confirmed that this submission will be valuable to others. - [x] I accept that this submission may not be used, and the pull request closed at the will of the maintainer. - [x] I give this submission freely, and claim no ownership to its content. - [x] **I have mentioned this change in the [changelog](https://github.com/CCExtractor/ccextractor/blob/master/docs/CHANGES.TXT).** **My familiarity with the project is as follows (check one):** - [ ] I have never used CCExtractor. - [x] I have used CCExtractor just a couple of times. - [ ] I absolutely love CCExtractor, but have not contributed previously. - [ ] I am an active contributor to CCExtractor. --- {pull request content here} --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

claunia commented

2026-01-29 17:21:18 +00:00

Owner

📋 Pull Request Information

Original PR: https://github.com/CCExtractor/ccextractor/pull/1566
Author: @xopok
Created: 9/4/2023
Status: ✅ Merged
Merged: 1/8/2024
Merged by: @canihavesomecoffee

Base: master ← Head: patch-1

📝 Commits (7)

a926398 Update stream_functions.c: fix MP4 file type detector
6d017b5 Update CHANGES.TXT
323f803 Treat a candidate MP4 box as invalid instead of bailing out
c9c2b1e Fix stuck mp4 processing in process_avc_sample
bd1be6d Fix the stats code to not count zero-sized NALs and avoid dereferencing memory past the NAL end
0650312 Add comment.
0452006 Format changes

📊 Changes

3 files changed (+27 additions, -3 deletions)

View changed files

📝 docs/CHANGES.TXT (+1 -0)
📝 src/lib_ccx/mp4.c (+25 -2)
📝 src/lib_ccx/stream_functions.c (+1 -1)

📄 Description

On bad inputs containing e.g. the following sequence of bytes within the first 1MiB "ff ff ff ff 6d 65 74 61" detect_stream_type was executing an infinite loop because "ff ff ff ff" was interpreted as a length of the candidate "meta" MP4 box, caused the size_t overflow inside isValidMP4Box which pointed nextBoxLocation to the previous byte and the execution flow processed the same "meta" again.

In raising this pull request, I confirm the following (please check boxes):

I have read and understood the contributors guide.
I have checked that another pull request for this purpose does not exist.
I have considered, and confirmed that this submission will be valuable to others.
I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
I give this submission freely, and claim no ownership to its content.
I have mentioned this change in the changelog.

My familiarity with the project is as follows (check one):

I have never used CCExtractor.
I have used CCExtractor just a couple of times.
I absolutely love CCExtractor, but have not contributed previously.
I am an active contributor to CCExtractor.

{pull request content here}

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

claunia added the pull-request label 2026-01-29 17:21:18 +00:00

[PR #1566] [MERGED] **[FIX]** fix infinite loop in MP4 file type detector and processor #2283

📋 Pull Request Information

📝 Commits (7)

📊 Changes

📄 Description

[PR #1566] [MERGED] [FIX] fix infinite loop in MP4 file type detector and processor #2283