[FFmpeg-devel] [PATCH] avformat/mov: Move +1 in check to avoid hypothetical overflow in add_ctts_entry()
Michael Niedermayer
michael at niedermayer.cc
Sat Feb 3 23:45:24 EET 2018
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/mov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index d16b431e03..a9b9ec025f 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3233,7 +3233,7 @@ static int64_t add_ctts_entry(MOVStts** ctts_data, unsigned int* ctts_count, uns
FFMAX(min_size_needed, 2 * (*allocated_size)) :
min_size_needed;
- if((unsigned)(*ctts_count) + 1 >= UINT_MAX / sizeof(MOVStts))
+ if((unsigned)(*ctts_count) >= UINT_MAX / sizeof(MOVStts) - 1)
return -1;
ctts_buf_new = av_fast_realloc(*ctts_data, allocated_size, requested_size);
--
2.16.1
More information about the ffmpeg-devel
mailing list