[FFmpeg-cvslog] avformat/mov: fix potential unsigned underflow in loop condition
James Almer
git at videolan.org
Tue Jan 14 21:04:10 EET 2025
ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Mon Jan 13 18:17:06 2025 -0300| [fd1772b7475d0d5673a5dd314ee78443d0be4cf1] | committer: James Almer
avformat/mov: fix potential unsigned underflow in loop condition
if sc->tts_count is 0, this condition will wrap around to UINT_MAX and the
code will try to dereference a NULL pointer.
Fixes ticket #11417
Signed-off-by: James Almer <jamrial at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fd1772b7475d0d5673a5dd314ee78443d0be4cf1
---
libavformat/mov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 405d61fdf5..138120488a 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5191,7 +5191,7 @@ static int mov_read_trak(MOVContext *c, AVIOContext *pb, MOVAtom atom)
}
#if FF_API_R_FRAME_RATE
- for (int i = 1; sc->stts_count && i < sc->tts_count - 1; i++) {
+ for (unsigned int i = 1; sc->stts_count && i + 1 < sc->tts_count; i++) {
if (sc->tts_data[i].duration == sc->tts_data[0].duration)
continue;
stts_constant = 0;
More information about the ffmpeg-cvslog
mailing list