From bb528d99c335e7e9daa259b233230147bd5e7443 Mon Sep 17 00:00:00 2001
From: sscobici <sergey.scobich@gmail.com>
Date: Sun, 19 Jan 2025 17:15:52 +0200
Subject: [PATCH] isomp4: validate es descriptor length

---
 symphonia-format-isomp4/src/atoms/esds.rs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/symphonia-format-isomp4/src/atoms/esds.rs b/symphonia-format-isomp4/src/atoms/esds.rs
index b8551f72..604ccd17 100644
--- a/symphonia-format-isomp4/src/atoms/esds.rs
+++ b/symphonia-format-isomp4/src/atoms/esds.rs
@@ -243,6 +243,8 @@ pub struct ESDescriptor {
 
 impl ObjectDescriptor for ESDescriptor {
     fn read<B: ReadBytes>(reader: &mut B, len: u32) -> Result<Self> {
+        let pos = reader.pos();
+
         let es_id = reader.read_be_u16()?;
         let es_flags = reader.read_u8()?;
 
@@ -265,6 +267,11 @@ impl ObjectDescriptor for ESDescriptor {
         let mut dec_config = None;
         let mut sl_config = None;
 
+        // len should be bigger than what have been read
+        if reader.pos() - pos > len as u64 {
+            return decode_error("isomp4: es descriptor len is wrong");
+        }
+
         let mut scoped = ScopedStream::new(reader, u64::from(len) - 3);
 
         // Multiple descriptors follow, but only the decoder configuration descriptor is useful.