Check for unknown sized boxes by the u32 size, but not the wide size.

Checking unknown sized boxes the total size allows wide boxes' size to
be 0, causing panics to happen later when the box content offset is
greater than the total box size.

Author: Zaggy1024

mp4parse/src/lib.rs

@@ -2373,12 +2373,11 @@ fn read_box_header<T: ReadBytesExt>(src: &mut T) -> Result<Option<BoxHeader>> {
     } else {
         None
     };
-    if size != 0 && offset > size {
-        if size32 == 1 {
-            return Err(Error::from(Status::BoxBadWideSize));
-        } else {
-            return Err(Error::from(Status::BoxBadSize));
-        }
+    match size32 {
+        0 => (),
+        1 if offset > size => return Err(Error::from(Status::BoxBadWideSize)),
+        _ if offset > size => return Err(Error::from(Status::BoxBadSize)),
+        _ => (),
     }
     Ok(Some(BoxHeader {
         name,

mp4parse/tests/public.rs

@@ -71,6 +71,7 @@ static IMAGE_AVIF_UNKNOWN_MDAT_SIZE_IN_OVERSIZED_META: &str =
 static IMAGE_AVIF_VALID_WITH_GARBAGE_OVERREAD_AT_END: &str =
     "tests/valid_with_garbage_overread.avif";
 static IMAGE_AVIF_VALID_WITH_GARBAGE_BYTE_AT_END: &str = "tests/valid_with_garbage_byte.avif";
+static IMAGE_AVIF_WIDE_BOX_SIZE_0: &str = "tests/wide_box_size_0.avif";
 static AVIF_TEST_DIRS: &[&str] = &["tests", "av1-avif/testFiles", "link-u-avif-sample-images"];
 
 // These files are
@@ -130,6 +131,7 @@ static AVIF_UNSUPPORTED_IMAGES: &[&str] = &[
 // TODO: make this into a map of expected errors?
 static AV1_AVIF_CORRUPT_IMAGES: &[&str] = &[
     IMAGE_AVIF_UNKNOWN_MDAT_SIZE_IN_OVERSIZED_META,
+    IMAGE_AVIF_WIDE_BOX_SIZE_0,
     "av1-avif/testFiles/Link-U/kimono.crop.avif",
     "av1-avif/testFiles/Link-U/kimono.mirror-horizontal.avif",
     "av1-avif/testFiles/Link-U/kimono.mirror-vertical.avif",
@@ -1295,6 +1297,15 @@ fn public_avif_valid_with_garbage_byte_at_end() {
     assert_avif_should(IMAGE_AVIF_VALID_WITH_GARBAGE_BYTE_AT_END, Status::Eof);
 }
 
+#[test]
+fn public_avif_bad_video_sample_entry() {
+    let input = &mut File::open(IMAGE_AVIF_WIDE_BOX_SIZE_0).expect("Unknown file");
+    assert_eq!(
+        Status::from(mp4::read_avif(input, ParseStrictness::Normal)),
+        Status::BoxBadWideSize
+    );
+}
+
 fn public_avis_loop_impl(path: &str, looped: bool) {
     let input = &mut File::open(path).expect("Unknown file");
     match mp4::read_avif(input, ParseStrictness::Normal) {