[FFmpeg-cvslog] avformat/mov: Disallow empty sidx
Michael Niedermayer
git at videolan.org
Thu Apr 14 01:09:09 EEST 2022
ffmpeg | branch: release/3.4 | Michael Niedermayer <michael at niedermayer.cc> | Wed Mar 2 13:01:53 2022 +0100| [b70429e33c7c33eda2f0cbcf8d9fa0752bcd3c22] | committer: Michael Niedermayer
avformat/mov: Disallow empty sidx
It appears this is not allowed "Each Segment Index box documents how a (sub)segment is divided into one or more subsegments
(which may themselves be further subdivided using Segment Index boxes)."
Fixes: Null pointer dereference
Fixes: Ticket9517
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 4419433d77278cb742944c4514be5f72a04103c0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b70429e33c7c33eda2f0cbcf8d9fa0752bcd3c22
---
libavformat/mov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 78ec7e8f45..5bbc54493e 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -4586,7 +4586,7 @@ static int mov_read_sidx(MOVContext *c, AVIOContext *pb, MOVAtom atom)
index->track_id = track_id;
index->item_count = avio_rb16(pb);
- index->items = av_mallocz_array(index->item_count, sizeof(MOVFragmentIndexItem));
+ index->items = index->item_count ? av_mallocz_array(index->item_count, sizeof(MOVFragmentIndexItem)) : NULL;
if (!index->items) {
av_freep(&index);
More information about the ffmpeg-cvslog
mailing list