mov: immediately return from mov_fix_index without old index entries

If there are no index entries, e_old = st->index_entries is only one byte large, since it was created by av_realloc called with size 0. Thus accessing e_old[0].timestamp causes a heap buffer overflow. Reviewed-by: Sasi Inguva <isasi@google.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
author: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> 2016-11-01 01:05:01 +0100
committer: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> 2016-11-01 18:45:34 +0100
commit: 9d83b209d8861f1daf55f6719b1e0c226ed7269a (patch)
tree: 38495bb9f4824ff00eda5a0c27040fb7edeb7715 /libavformat/mov.c
parent: 6089c44a2af1394bb34257814ba50e05b84112ec (diff)
download: ffmpeg-9d83b209d8861f1daf55f6719b1e0c226ed7269a.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index b4806f754e..4222088315 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2961,7 +2961,7 @@ static void mov_fix_index(MOVContext *mov, AVStream *st)
     int first_non_zero_audio_edit = -1;
     int packet_skip_samples = 0;
 
-    if (!msc->elst_data || msc->elst_count <= 0) {
+    if (!msc->elst_data || msc->elst_count <= 0 || nb_old <= 0) {
         return;
     }
     // Clean AVStream from traces of old index
author	Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-01 01:05:01 +0100
committer	Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-01 18:45:34 +0100
commit	9d83b209d8861f1daf55f6719b1e0c226ed7269a (patch)
tree	38495bb9f4824ff00eda5a0c27040fb7edeb7715 /libavformat/mov.c
parent	6089c44a2af1394bb34257814ba50e05b84112ec (diff)
download	ffmpeg-9d83b209d8861f1daf55f6719b1e0c226ed7269a.tar.gz