virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-03 05:10:03 +02:00
Code Issues Releases Activity

mov: immediately return from mov_fix_index without old index entries

Browse Source 
If there are no index entries, e_old = st->index_entries is only one
byte large, since it was created by av_realloc called with size 0.

Thus accessing e_old[0].timestamp causes a heap buffer overflow.

Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This commit is contained in:
Andreas Cadhalpun 2016-11-01 01:05:01 +01:00
parent 6089c44a2a
commit 9d83b209d8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/mov.c
View File

@ -2961,7 +2961,7 @@ static void mov_fix_index(MOVContext *mov, AVStream *st)
int first_non_zero_audio_edit = -1;
int packet_skip_samples = 0;
if (!msc->elst_data || msc->elst_count <= 0) {
if (!msc->elst_data || msc->elst_count <= 0 || nb_old <= 0) {
return;
}
// Clean AVStream from traces of old index