From f6b5e5ba09cebc611176182fdcef4c5a1b426877 Mon Sep 17 00:00:00 2001
From: qqq123 <100619315+QWeiheng@users.noreply.github.com>
Date: Tue, 2 Apr 2024 16:07:08 -0500
Subject: [PATCH 1/2] add bound check in AP4_Stz2Atom::AP4_Stz2Atom
---
Source/C++/Core/Ap4Stz2Atom.cpp | 1 +
1 file changed, 1 insertion(+)
diff --git a/Source/C++/Core/Ap4Stz2Atom.cpp b/Source/C++/Core/Ap4Stz2Atom.cpp
index f7acb845..6fa81297 100644
--- a/Source/C++/Core/Ap4Stz2Atom.cpp
+++ b/Source/C++/Core/Ap4Stz2Atom.cpp
@@ -104,6 +104,7 @@ AP4_Stz2Atom::AP4_Stz2Atom(AP4_UI32 size,
 delete[] buffer;
 return;
 }
+ if (sample_count > sizeof(buffer)) return;
 m_SampleCount = sample_count;
 m_Entries.SetItemCount((AP4_Cardinal)sample_count);
 switch (m_FieldSize) {
From 2ac2417e9a5f9c336ed7948f7eb35a4d1751fa44 Mon Sep 17 00:00:00 2001
From: qqq123 <100619315+QWeiheng@users.noreply.github.com>
Date: Tue, 2 Apr 2024 16:10:17 -0500
Subject: [PATCH 2/2] fix oob in #948
---
Source/C++/Core/Ap4Stz2Atom.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Source/C++/Core/Ap4Stz2Atom.cpp b/Source/C++/Core/Ap4Stz2Atom.cpp
index 6fa81297..611e7c07 100644
--- a/Source/C++/Core/Ap4Stz2Atom.cpp
+++ b/Source/C++/Core/Ap4Stz2Atom.cpp
@@ -104,7 +104,7 @@ AP4_Stz2Atom::AP4_Stz2Atom(AP4_UI32 size,
 delete[] buffer;
 return;
 }
- if (sample_count > sizeof(buffer)) return;
+ if (2 * sample_count > sizeof(buffer)) return;
 m_SampleCount = sample_count;
 m_Entries.SetItemCount((AP4_Cardinal)sample_count);
 switch (m_FieldSize) {
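Review bot: `sizeof(buffer)` on the added line is the size of the pointer, not of the allocation, because `buffer` is released with `delete[] buffer` two lines above and is therefore a pointer to a `new[]` array; the check thus compares `sample_count` against 4 or 8, rejecting any table with more than a handful of entries while still not bounding the table read, and PATCH 2/2 keeps the same `sizeof(buffer)` operand, adding a `2 *` factor that can also wrap if `sample_count` is a 32-bit value. The bound should be the byte count passed to `new[]` (not visible in this hunk; written as `BUFFER_BYTES` here as a placeholder), derived from `m_FieldSize` if that is the per-entry width in bits as the stz2 format defines, and the early return must free the buffer that is still allocated at this point, which the new line leaks: `if (((AP4_UI64)sample_count * m_FieldSize + 7) / 8 > BUFFER_BYTES) { delete[] buffer; return; }`. The constructor `AP4_Stz2Atom::AP4_Stz2Atom` begins and ends outside both hunks, so the allocation and the per-entry reads in the `switch` are not shown here.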