diff options
author | Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> | 2016-11-01 01:05:01 +0100 |
---|---|---|
committer | Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> | 2016-11-17 23:12:23 +0100 |
commit | d95568f9a2d3c2d96265086db0a995b60f45b528 (patch) | |
tree | ef1106ad7848b07c9089dd83cd74cea82b717fb1 /libavutil/intmath.c | |
parent | 6e5ccabbe8461f5bde1c8ad87a2ced343fd2e5b7 (diff) | |
download | ffmpeg-d95568f9a2d3c2d96265086db0a995b60f45b528.tar.gz |
mov: immediately return from mov_fix_index without old index entries
If there are no index entries, e_old = st->index_entries is only one
byte large, since it was created by av_realloc called with size 0.
Thus accessing e_old[0].timestamp causes a heap buffer overflow.
Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 9d83b209d8861f1daf55f6719b1e0c226ed7269a)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Diffstat (limited to 'libavutil/intmath.c')
0 files changed, 0 insertions, 0 deletions