From b5cb2287ccce4fdda01c9ae4131d6b757241235e Mon Sep 17 00:00:00 2001 From: MarkLee131 Date: Sun, 29 Mar 2026 18:05:46 +0800 Subject: [PATCH 1/2] Bound setMediaStream search to the trak atom size setMediaStream() scans for "hdlr" in a while(!eof) loop with no size bound. When a file has no "hdlr" atom in the expected position, the loop reads through the entire rest of the file. Pass the trak atom size and stop the search at that boundary. --- include/exiv2/quicktimevideo.hpp | 2 +- src/quicktimevideo.cpp | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/include/exiv2/quicktimevideo.hpp b/include/exiv2/quicktimevideo.hpp index 03423db8c8..5978382bd6 100644 --- a/include/exiv2/quicktimevideo.hpp +++ b/include/exiv2/quicktimevideo.hpp @@ -184,7 +184,7 @@ class EXIV2API QuickTimeVideo : public Image { @brief Recognizes which stream is currently under processing, and save its information in currentStream_ . */ - void setMediaStream(); + void setMediaStream(size_t atom_size); /*! @brief Used to discard a tag along with its data. The Tag will be skipped and not decoded. diff --git a/src/quicktimevideo.cpp b/src/quicktimevideo.cpp index 9418e35c1e..3f206b5bac 100644 --- a/src/quicktimevideo.cpp +++ b/src/quicktimevideo.cpp @@ -645,7 +645,7 @@ void QuickTimeVideo::tagDecoder(Exiv2::DataBuf& buf, size_t size, size_t recursi fileTypeDecoder(size); else if (equalsQTimeTag(buf, "trak")) - setMediaStream(); + setMediaStream(size); else if (equalsQTimeTag(buf, "mvhd")) movieHeaderDecoder(size); @@ -1126,13 +1126,18 @@ void QuickTimeVideo::NikonTagsDecoder(size_t size) { io_->seek(cur_pos + size, BasicIo::beg); } // QuickTimeVideo::NikonTagsDecoder -void QuickTimeVideo::setMediaStream() { +void QuickTimeVideo::setMediaStream(size_t atom_size) { size_t current_position = io_->tell(); + size_t search_end = current_position + atom_size; + if (search_end > io_->size()) + search_end = io_->size(); DataBuf buf(4 + 1); - while (!io_->eof()) { + while (!io_->eof() && io_->tell() + 4 <= search_end) { io_->readOrThrow(buf.data(), 4); if (equalsQTimeTag(buf, "hdlr")) { + if (io_->tell() + 12 > search_end) + break; io_->readOrThrow(buf.data(), 4); io_->readOrThrow(buf.data(), 4); io_->readOrThrow(buf.data(), 4); From fd3f4fb955cf6a61412987f163e063dc61ae4824 Mon Sep 17 00:00:00 2001 From: Kaixuan Li Date: Sun, 29 Mar 2026 23:34:27 +0800 Subject: [PATCH 2/2] Update include/exiv2/quicktimevideo.hpp Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- include/exiv2/quicktimevideo.hpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/exiv2/quicktimevideo.hpp b/include/exiv2/quicktimevideo.hpp index 5978382bd6..3d08a33e15 100644 --- a/include/exiv2/quicktimevideo.hpp +++ b/include/exiv2/quicktimevideo.hpp @@ -183,6 +183,8 @@ class EXIV2API QuickTimeVideo : public Image { /*! @brief Recognizes which stream is currently under processing, and save its information in currentStream_ . + @param atom_size Full size of the atom currently being processed, in bytes, + including both the atom header and its payload. */ void setMediaStream(size_t atom_size); /*!