From fd1772b7475d0d5673a5dd314ee78443d0be4cf1 Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Mon, 13 Jan 2025 18:17:06 -0300
Subject: [PATCH] avformat/mov: fix potential unsigned underflow in loop
 condition

if sc->tts_count is 0, this condition will wrap around to UINT_MAX and the
code will try to dereference a NULL pointer.

Fixes ticket #11417

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 405d61fdf5..138120488a 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5191,7 +5191,7 @@ static int mov_read_trak(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         }
 
 #if FF_API_R_FRAME_RATE
-        for (int i = 1; sc->stts_count && i < sc->tts_count - 1; i++) {
+        for (unsigned int i = 1; sc->stts_count && i + 1 < sc->tts_count; i++) {
             if (sc->tts_data[i].duration == sc->tts_data[0].duration)
                 continue;
             stts_constant = 0;