avformat/mov: validate APV access unit length before passing to decoder
libavformat/mov.c read the APV AU length field directly from the
sample without sanity-checking against the remaining sample size or
a documented maximum. The patch validates that au_size is bounded by
the remaining sample bytes and that the AU envelope (4 bytes plus
au_size) fits inside the declared sample size.
Validate the access unit length at the demuxer boundary so that the
decoder is not handed an attacker-controllable buffer size. Returns
AVERROR_INVALIDDATA on the bound failure with an explicit log line.
Found-by: Claude (Anthropic). Human-verified and reported by
Omkhar Arasaratnam <omkhar@linkedin.com>.
Signed-off-by: Omkhar Arasaratnam <omkhar@linkedin.com>
(cherry picked from commit
387ad6d1029c6c75a62cf3ed2d2526f8d8329354)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>