1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

avformat/mov: Ignore multiple STSC / STCO

Fixes: STSC / STCO inconsistency and assertion failure
Fixes: crbug1184666.mp4

Found-by: Chromium ASAN fuzzer
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2611d20d35)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2021-03-24 17:03:08 +01:00
parent 930f1fcccd
commit cf8fa41490

View File

@ -2000,8 +2000,10 @@ static int mov_read_stco(MOVContext *c, AVIOContext *pb, MOVAtom atom)
if (!entries)
return 0;
if (sc->chunk_offsets)
av_log(c->fc, AV_LOG_WARNING, "Duplicated STCO atom\n");
if (sc->chunk_offsets) {
av_log(c->fc, AV_LOG_WARNING, "Ignoring duplicated STCO atom\n");
return 0;
}
av_free(sc->chunk_offsets);
sc->chunk_count = 0;
sc->chunk_offsets = av_malloc_array(entries, sizeof(*sc->chunk_offsets));
@ -2647,8 +2649,10 @@ static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
if (!entries)
return 0;
if (sc->stsc_data)
av_log(c->fc, AV_LOG_WARNING, "Duplicated STSC atom\n");
if (sc->stsc_data) {
av_log(c->fc, AV_LOG_WARNING, "Ignoring duplicated STSC atom\n");
return 0;
}
av_free(sc->stsc_data);
sc->stsc_count = 0;
sc->stsc_data = av_malloc_array(entries, sizeof(*sc->stsc_data));