1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

movdec: Check count of stts/ctts elements instead of just the pointer.

Fixes overreading the array

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-05-29 19:28:09 +02:00
parent 1b8741a684
commit 5880d78873

View File

@ -1874,7 +1874,7 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
sc->empty_duration = av_rescale(sc->empty_duration, sc->time_scale, mov->time_scale);
sc->time_offset = sc->start_time - sc->empty_duration;
current_dts = -sc->time_offset;
if (sc->ctts_data && sc->stts_data &&
if (sc->ctts_count>0 && sc->stts_count>0 &&
sc->ctts_data[0].duration / FFMAX(sc->stts_data[0].duration, 1) > 16) {
/* more than 16 frames delay, dts are likely wrong
this happens with files created by iMovie */