From fd3a3fd60f19fb539ee70863184000c9c44a9ea1 Mon Sep 17 00:00:00 2001
From: Eric Lindvall
Date: Sun, 19 Jan 2025 12:49:44 -0800
Subject: [PATCH] fix: ensure mime box is large enough to read

---
 mp4/mime.go                                      | 4 ++++
 mp4/testdata/fuzz/FuzzDecodeBox/77cf6e30648805ea | 2 ++
 2 files changed, 6 insertions(+)
 create mode 100644 mp4/testdata/fuzz/FuzzDecodeBox/77cf6e30648805ea

diff --git a/mp4/mime.go b/mp4/mime.go
index 830eb150..c01499cb 100644
--- a/mp4/mime.go
+++ b/mp4/mime.go
@@ -1,6 +1,7 @@
 package mp4
 
 import (
+	"fmt"
 	"io"
 
 	"github.com/Eyevinn/mp4ff/bits"
@@ -31,6 +32,9 @@ func DecodeMimeSR(hdr BoxHeader, startPos uint64, sr bits.SliceReader) (Box, err
 		Version: byte(versionAndFlags >> 24),
 		Flags:   versionAndFlags & flagsMask,
 	}
+	if hdr.payloadLen() < 5 {
+		return nil, fmt.Errorf("mime: box payload size %d less than 5", hdr.payloadLen())
+	}
 	rest := sr.ReadBytes(hdr.payloadLen() - 4)
 	if rest[len(rest)-1] == 0 { // zero-termination
 		b.ContentType = string(rest[:len(rest)-1])
diff --git a/mp4/testdata/fuzz/FuzzDecodeBox/77cf6e30648805ea b/mp4/testdata/fuzz/FuzzDecodeBox/77cf6e30648805ea
new file mode 100644
index 00000000..5f053b36
--- /dev/null
+++ b/mp4/testdata/fuzz/FuzzDecodeBox/77cf6e30648805ea
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("\x00\x00\x00\fmime0000")
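Review bot: The new length guard validates the header field but not the bytes actually returned, so `rest := sr.ReadBytes(hdr.payloadLen() - 4)` on the next line can still yield an empty slice if the SliceReader hands back a short or nil slice when the underlying buffer is shorter than the header claims (whether that can happen depends on the reader's contract, which is not visible here), and `rest[len(rest)-1]` would then index out of range. Checking the result directly makes the guard independent of the header: keep the header check and add `if len(rest) == 0 { return nil, fmt.Errorf("mime: box payload size %d less than 5", hdr.payloadLen()) }` immediately after the read, or return the reader's accumulated error there if the interface exposes one. The guard also sits after the version/flags word has already been consumed into `b`; placing it ahead of that read would reject the short box before touching the reader at all, and would let `hdr.payloadLen()` be evaluated once into a local instead of twice. DecodeMimeSR's body starts and ends outside the hunk.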