[FFmpeg-devel] [PATCH] lavf/mov: don't read outside frag_index bounds
John Stebbins
jstebbins at jetheaddev.com
Fri Nov 17 18:21:02 EET 2017
Potentially fixes:
https://bugs.chromium.org/p/chromium/issues/detail?id=786269#c1
In theory, the crash can be triggered by an invalid stream that has
either tfdt or trun outside of the moof.
---
libavformat/mov.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index d49d820d2b..0fbc7f54a2 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1188,6 +1188,10 @@ static void set_frag_stream(MOVFragmentIndex *frag_index, int id)
static MOVFragmentStreamInfo * get_current_frag_stream_info(
MOVFragmentIndex *frag_index)
{
+ if (frag_index->current < 0 ||
+ frag_index->current >= frag_index->nb_items)
+ return NULL;
+
MOVFragmentIndexItem * item = &frag_index->item[frag_index->current];
if (item->current >= 0 && item->current < item->nb_stream_info)
return &item->stream_info[item->current];
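Review bot: the added check in get_current_frag_stream_info() is placed before the `MOVFragmentIndexItem * item = &frag_index->item[frag_index->current];` declaration, so the function now has a declaration after a statement, which FFmpeg's build flags as a warning (-Wdeclaration-after-statement). Declare `MOVFragmentIndexItem *item;` at the top, do the range check, then assign `item = &frag_index->item[frag_index->current];`. The check itself covers both ends of the range (`current < 0` and `current >= nb_items`) before `item[]` is indexed, which is the right shape. Because the function returns NULL when `current` is out of range, the callers, which are not shown in this hunk, should be confirmed to test the returned pointer before dereferencing it; otherwise the out-of-bounds read is only traded for a NULL dereference on the same invalid input.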
--
2.13.6