diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2012-05-29 19:28:09 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-05-29 19:56:07 +0200 |
| commit | 5880d788734d9c4e2dc53c6cdec343ee978d3a3f (patch) | |
| tree | 0581309aa3f23c7750cb0f99cf32e43d3862ae48 /libavformat | |
| parent | 1b8741a6843f3f4667c81c2d63d3182858aa534f (diff) | |
| download | ffmpeg-5880d788734d9c4e2dc53c6cdec343ee978d3a3f.tar.gz | |
movdec: Check count of stts/ctts elements instead of just the pointer.
Fixes overreading the array
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavformat')
| -rw-r--r-- | libavformat/mov.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c index 222166eb72..a7bb0762c2 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1874,7 +1874,7 @@ static void mov_build_index(MOVContext *mov, AVStream *st) sc->empty_duration = av_rescale(sc->empty_duration, sc->time_scale, mov->time_scale); sc->time_offset = sc->start_time - sc->empty_duration; current_dts = -sc->time_offset; - if (sc->ctts_data && sc->stts_data && + if (sc->ctts_count>0 && sc->stts_count>0 && sc->ctts_data[0].duration / FFMAX(sc->stts_data[0].duration, 1) > 16) { /* more than 16 frames delay, dts are likely wrong this happens with files created by iMovie */ |