aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Converse <alex.converse@gmail.com>2011-12-04 16:38:05 -0800
committerAlex Converse <alex.converse@gmail.com>2011-12-05 09:51:35 -0800
commit52401b82bd2ed30d4c4353cb084bf4ee679d0c22 (patch)
treec8cfe458db993f7da7d11b100171998b8f40d557
parent9179f27c6431e36cf0ebd320fb2733f56969bb44 (diff)
downloadffmpeg-52401b82bd2ed30d4c4353cb084bf4ee679d0c22.tar.gz
mov: Don't av_malloc(0).
malloc() is allowed to return NULL when zero is the argument. This causes us to think malloc has failed and return AVERROR(ENOMEM). In addition OS X malloc() returns an unfreeable non-NULL pointer for size zero when alignment is greater than 16.
-rw-r--r--libavformat/mov.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index e2bb4d650d..a0b0794592 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -915,6 +915,8 @@ static int mov_read_stco(MOVContext *c, AVIOContext *pb, MOVAtom atom)
entries = avio_rb32(pb);
+ if (!entries)
+ return 0;
if (entries >= UINT_MAX/sizeof(int64_t))
return -1;
@@ -1336,6 +1338,8 @@ static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
av_dlog(c->fc, "track[%i].stsc.entries = %i\n", c->fc->nb_streams-1, entries);
+ if (!entries)
+ return 0;
if (entries >= UINT_MAX / sizeof(*sc->stsc_data))
return -1;
sc->stsc_data = av_malloc(entries * sizeof(*sc->stsc_data));
@@ -1451,6 +1455,8 @@ static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return -1;
}
+ if (!entries)
+ return 0;
if (entries >= UINT_MAX / sizeof(int) || entries >= (UINT_MAX - 4) / field_size)
return -1;
sc->sample_sizes = av_malloc(entries * sizeof(int));
@@ -1550,6 +1556,8 @@ static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
av_dlog(c->fc, "track[%i].ctts.entries = %i\n", c->fc->nb_streams-1, entries);
+ if (!entries)
+ return 0;
if (entries >= UINT_MAX / sizeof(*sc->ctts_data))
return -1;
sc->ctts_data = av_malloc(entries * sizeof(*sc->ctts_data));
@@ -1609,6 +1617,8 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
current_dts -= sc->dts_shift;
+ if (!sc->sample_count)
+ return;
if (sc->sample_count >= UINT_MAX / sizeof(*st->index_entries))
return;
st->index_entries = av_malloc(sc->sample_count*sizeof(*st->index_entries));