From 951247edcc14bef361dfc0d257060058cd1f7644 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Wed, 26 Oct 2022 22:02:01 +0100
Subject: [PATCH 1/2] Regression test for https://github.com/Exiv2/exiv2/issues/2393
---
 test/data/issue_2393_poc.mp4 | Bin 0 -> 319 bytes
 tests/bugfixes/github/test_issue_2393.py | 16 ++++++++++++++++
 .../test_regression_allfiles.py | 1 +
 3 files changed, 17 insertions(+)
 create mode 100644 test/data/issue_2393_poc.mp4
 create mode 100644 tests/bugfixes/github/test_issue_2393.py
diff --git a/test/data/issue_2393_poc.mp4 b/test/data/issue_2393_poc.mp4
new file mode 100644
index 0000000000000000000000000000000000000000..9c751e2011442f29b0c50d67def6cff8e998e867
GIT binary patch
literal 319
zcmYLEu}T9$6r4?rpdtn&LAwRPM!0B^LM3qGNlbBaWD&Gnl0EPAvU}!M)IShx{Ebxp
zg{{9}t93es^_gfKm^VD;!Mp*m7Tf#$+H(HNopXEw5UTyIis8ooKAZzsEeV?2eOzJ{
zSgFAuKa|1gjtpIRG7ND_+cG}R!ia64jKtb}uhE#8?LTwGer|xz9dGOTWri!E9+!qs
zhMaX)%8X{14@~c7V3m%t%s*J1o6gz473V6VqhsT>BN0fegq4H*w*rtdFub9T&6Wc@
zIp={mtWKjz@I_o8c6OU+k&cKIT%tPv!KlCE=q`=DNNQOao%Xu&))Pt>W_Ya9i^P5d
DD0x@D
literal 0
HcmV?d00001
diff --git a/tests/bugfixes/github/test_issue_2393.py b/tests/bugfixes/github/test_issue_2393.py
new file mode 100644
index 00000000..5b37dd35
--- /dev/null
+++ b/tests/bugfixes/github/test_issue_2393.py
@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+from system_tests import CaseMeta, check_no_ASAN_UBSAN_errors
+class issue_2393_QuickTimeVideo_multipleEntriesDecoder_long_running(metaclass=CaseMeta):
+url = "https://github.com/Exiv2/exiv2/issues/2393"
+filename = "$data_path/issue_2393_poc.mp4"
+commands = ["$exiv2 $filename"]
+retval = [253]
+stderr = ["""$filename: No Exif data found in the file
+"""]
+stdout = ["""File name : $filename File size : 319 Bytes MIME type : video/quicktime Image size : 0 x 0
+"""]
diff --git a/tests/regression_tests/test_regression_allfiles.py b/tests/regression_tests/test_regression_allfiles.py
index 55baa5b5..01304742 100644
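Review bot: `check_no_ASAN_UBSAN_errors` is imported on the `from system_tests import CaseMeta, check_no_ASAN_UBSAN_errors` line but never referenced, because the class pins stderr to an exact string; either drop it from the import or, if it is meant to serve as the stderr comparator hook as it appears to elsewhere in this suite, add `compare_stderr = check_no_ASAN_UBSAN_errors` to the class. The class name ends in long_running, which suggests the pre-fix failure was a hang rather than a crash; that only registers as a test failure if the harness enforces a timeout on `$exiv2`, which this hunk cannot show. A one-line comment on the class stating the expected pre-fix behaviour, e.g. `# Pre-fix, multipleEntriesDecoder kept looping past EOF (issue #2393)`, would tell the next reader what regression this fixture actually guards.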
--- a/tests/regression_tests/test_regression_allfiles.py
+++ b/tests/regression_tests/test_regression_allfiles.py
@@ -64,6 +64,7 @@ def get_valid_files(data_dir):
 "issue_2376_poc.mp4",
 "issue_2377_poc.mp4",
 "issue_2383_poc.mp4",
+ "issue_2393_poc.mp4",
 "2018-01-09-exiv2-crash-001.tiff",
 "cve_2017_1000126_stack-oob-read.webp",
 "exiv2-bug1247.jpg",
From 771ead87321ae6e39e5c9f6f0855c58cde6648f1 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse
Date: Wed, 26 Oct 2022 22:07:11 +0100
Subject: [PATCH 2/2] Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52731
Stop looping when eof is hit.
---
 src/quicktimevideo.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/quicktimevideo.cpp b/src/quicktimevideo.cpp
index 011b3c29..b44b3683 100644
--- a/src/quicktimevideo.cpp
+++ b/src/quicktimevideo.cpp
@@ -1221,12 +1221,13 @@ void QuickTimeVideo::multipleEntriesDecoder() {
 DataBuf buf(4 + 1);
 io_->readOrThrow(buf.data(), 4);
 io_->readOrThrow(buf.data(), 4);
- size_t noOfEntries;
+ uint32_t noOfEntries;
 noOfEntries = buf.read_uint32(0, bigEndian);
- for (unsigned long i = 1; i <= noOfEntries; i++)
+ for (uint32_t i = 0; i < noOfEntries && continueTraversing_; i++) {
 decodeBlock();
+ }
 } // QuickTimeVideo::multipleEntriesDecoder
 void QuickTimeVideo::videoHeaderDecoder(size_t size) {
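Review bot: The new loop condition still trusts the 32-bit count read from the file at `noOfEntries = buf.read_uint32(0, bigEndian);`, so termination now rests entirely on decodeBlock() clearing continueTraversing_ at EOF; its body is not in this hunk, and if it can ever return without consuming input while leaving the flag set, a crafted count still buys up to 2^32 iterations. Since every entry needs at least an 8-byte atom header, clamp the count to what the remaining input can hold before entering the loop, e.g. `noOfEntries = std::min<uint32_t>(noOfEntries, static_cast<uint32_t>((io_->size() - io_->tell()) / 8));` (assuming BasicIo exposes size()/tell() as it does elsewhere in exiv2, and that `<algorithm>` is included), which bounds the work by file size regardless of decodeBlock()'s behaviour. The two identical `io_->readOrThrow(buf.data(), 4);` calls into the same buffer read like a copy-paste slip; a comment such as `// first 4 bytes are presumably version/flags and are discarded` would make the intent explicit, though that is pre-existing rather than introduced here. The opening line of multipleEntriesDecoder() lies outside the hunk.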