From c1497321826cb7d462ea775908abfa8c52716cac Mon Sep 17 00:00:00 2001
From: Mattias Wadman <mattias.wadman@gmail.com>
Date: Sun, 12 Dec 2021 09:54:48 +0100
Subject: [PATCH] mp4,trun,fuzz: Limit number of constant sample entries

---
 format/mp4/boxes.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/format/mp4/boxes.go b/format/mp4/boxes.go
index 02e85d0e..6be8fcdc 100644
--- a/format/mp4/boxes.go
+++ b/format/mp4/boxes.go
@@ -12,6 +12,9 @@ import (
 	"github.com/wader/fq/pkg/scalar"
 )
 
+// TODO: keep track of list of sampleSize/entries instead and change sample read code
+const maxSampleEntryCount = 10_000_000
+
 var boxAliases = map[string]string{
 	"styp": "ftyp",
 }
@@ -539,10 +542,8 @@ func init() {
 				})
 			} else {
 				if ctx.currentTrack != nil {
-					// TODO: keep track of list of sampleSize/entries instead and change sample read code
-					const maxEntryCount = 10_000_000
-					if entryCount > maxEntryCount {
-						d.Errorf("too many constant stsz entries %d > %d", entryCount, maxEntryCount)
+					if entryCount > maxSampleEntryCount {
+						d.Errorf("too many constant stsz entries %d > %d", entryCount, maxSampleEntryCount)
 					}
 					for i := uint64(0); i < entryCount; i++ {
 						ctx.currentTrack.stsz = append(ctx.currentTrack.stsz, uint32(sampleSize))
@@ -765,6 +766,10 @@ func init() {
 				d.FieldU32("first_sample_flags")
 			}
 
+			if sampleCount > maxSampleEntryCount {
+				d.Errorf("too many constant trun entries %d > %d", sampleCount, maxSampleEntryCount)
+			}
+
 			d.FieldArray("samples", func(d *decode.D) {
 				for i := uint64(0); i < sampleCount; i++ {
 					sampleSize := m.defaultSampleSize