diff options
author | Ronald S. Bultje <rsbultje@gmail.com> | 2012-03-28 12:56:07 -0700 |
---|---|---|
committer | Ronald S. Bultje <rsbultje@gmail.com> | 2012-03-29 11:36:14 -0700 |
commit | 4f7c7624c0db185c48c59d95d745ab3f7851a5b4 (patch) | |
tree | e51230e1161af89afdf4a3d14d7ba0eb1042d3ec /libavformat | |
parent | 0399fe0fd23ff272282dd093cc2720deb6f87ea8 (diff) | |
download | ffmpeg-4f7c7624c0db185c48c59d95d745ab3f7851a5b4.tar.gz |
mov: don't overwrite existing indexes.
Prevents all kind of badness if files contain multiple
indexes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Diffstat (limited to 'libavformat')
-rw-r--r-- | libavformat/mov.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c index 75dec37872..1492486dcc 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1727,6 +1727,7 @@ static void mov_build_index(MOVContext *mov, AVStream *st) unsigned int stps_index = 0; unsigned int i, j; uint64_t stream_size = 0; + AVIndexEntry *mem; /* adjust first dts according to edit list */ if (sc->time_offset && mov->time_scale > 0) { @@ -1755,12 +1756,13 @@ static void mov_build_index(MOVContext *mov, AVStream *st) if (!sc->sample_count) return; - if (sc->sample_count >= UINT_MAX / sizeof(*st->index_entries)) + if (sc->sample_count >= UINT_MAX / sizeof(*st->index_entries) - st->nb_index_entries) return; - st->index_entries = av_malloc(sc->sample_count*sizeof(*st->index_entries)); - if (!st->index_entries) + mem = av_realloc(st->index_entries, (st->nb_index_entries + sc->sample_count) * sizeof(*st->index_entries)); + if (!mem) return; - st->index_entries_allocated_size = sc->sample_count*sizeof(*st->index_entries); + st->index_entries = mem; + st->index_entries_allocated_size = (st->nb_index_entries + sc->sample_count) * sizeof(*st->index_entries); for (i = 0; i < sc->chunk_count; i++) { current_offset = sc->chunk_offsets[i]; @@ -1844,12 +1846,13 @@ static void mov_build_index(MOVContext *mov, AVStream *st) } av_dlog(mov->fc, "chunk count %d\n", total); - if (total >= UINT_MAX / sizeof(*st->index_entries)) + if (total >= UINT_MAX / sizeof(*st->index_entries) - st->nb_index_entries) return; - st->index_entries = av_malloc(total*sizeof(*st->index_entries)); - if (!st->index_entries) + mem = av_realloc(st->index_entries, (st->nb_index_entries + total) * sizeof(*st->index_entries)); + if (!mem) return; - st->index_entries_allocated_size = total*sizeof(*st->index_entries); + st->index_entries = mem; + st->index_entries_allocated_size = (st->nb_index_entries + total) * sizeof(*st->index_entries); // populate index for (i = 0; i < sc->chunk_count; i++) { |