diff options
| author | Ronald S. Bultje <rsbultje@gmail.com> | 2012-03-28 12:56:07 -0700 |
|---|---|---|
| committer | Reinhard Tartler <siretart@tauware.de> | 2012-04-29 22:07:03 +0200 |
| commit | a08cb950b25d31ecc9c083dc8f70b30ec3c70cc9 (patch) | |
| tree | 9aa1274e29814fd1d623274691c81fe253d015f6 | |
| parent | 46f8bbfc6d8ec609afd9166a9aecdda1388b8d07 (diff) | |
| download | ffmpeg-a08cb950b25d31ecc9c083dc8f70b30ec3c70cc9.tar.gz | |
mov: don't overwrite existing indexes.
Prevents all kind of badness if files contain multiple
indexes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4f7c7624c0db185c48c59d95d745ab3f7851a5b4)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| -rw-r--r-- | libavformat/mov.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c index c5270695c1..f6be6a88bc 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1699,6 +1699,7 @@ static void mov_build_index(MOVContext *mov, AVStream *st) unsigned int stps_index = 0; unsigned int i, j; uint64_t stream_size = 0; + AVIndexEntry *mem; /* adjust first dts according to edit list */ if (sc->time_offset && mov->time_scale > 0) { @@ -1727,12 +1728,13 @@ static void mov_build_index(MOVContext *mov, AVStream *st) if (!sc->sample_count) return; - if (sc->sample_count >= UINT_MAX / sizeof(*st->index_entries)) + if (sc->sample_count >= UINT_MAX / sizeof(*st->index_entries) - st->nb_index_entries) return; - st->index_entries = av_malloc(sc->sample_count*sizeof(*st->index_entries)); - if (!st->index_entries) + mem = av_realloc(st->index_entries, (st->nb_index_entries + sc->sample_count) * sizeof(*st->index_entries)); + if (!mem) return; - st->index_entries_allocated_size = sc->sample_count*sizeof(*st->index_entries); + st->index_entries = mem; + st->index_entries_allocated_size = (st->nb_index_entries + sc->sample_count) * sizeof(*st->index_entries); for (i = 0; i < sc->chunk_count; i++) { current_offset = sc->chunk_offsets[i]; @@ -1815,12 +1817,13 @@ static void mov_build_index(MOVContext *mov, AVStream *st) } av_dlog(mov->fc, "chunk count %d\n", total); - if (total >= UINT_MAX / sizeof(*st->index_entries)) + if (total >= UINT_MAX / sizeof(*st->index_entries) - st->nb_index_entries) return; - st->index_entries = av_malloc(total*sizeof(*st->index_entries)); - if (!st->index_entries) + mem = av_realloc(st->index_entries, (st->nb_index_entries + total) * sizeof(*st->index_entries)); + if (!mem) return; - st->index_entries_allocated_size = total*sizeof(*st->index_entries); + st->index_entries = mem; + st->index_entries_allocated_size = (st->nb_index_entries + total) * sizeof(*st->index_entries); // populate index for (i = 0; i < sc->chunk_count; i++) { |