[FFmpeg-cvslog] movdec: Check count of stts/ctts elements instead of just the pointer.

Michael Niedermayer git at videolan.org
Tue May 29 20:11:48 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue May 29 19:28:09 2012 +0200| [5880d788734d9c4e2dc53c6cdec343ee978d3a3f] | committer: Michael Niedermayer

movdec: Check count of stts/ctts elements instead of just the pointer.

Fixes overreading the array

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5880d788734d9c4e2dc53c6cdec343ee978d3a3f
---

 libavformat/mov.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 222166e..a7bb076 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1874,7 +1874,7 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
             sc->empty_duration = av_rescale(sc->empty_duration, sc->time_scale, mov->time_scale);
         sc->time_offset = sc->start_time - sc->empty_duration;
         current_dts = -sc->time_offset;
-        if (sc->ctts_data && sc->stts_data &&
+        if (sc->ctts_count>0 && sc->stts_count>0 &&
             sc->ctts_data[0].duration / FFMAX(sc->stts_data[0].duration, 1) > 16) {
             /* more than 16 frames delay, dts are likely wrong
                this happens with files created by iMovie */



More information about the ffmpeg-cvslog mailing list