[FFmpeg-cvslog] matroskaenc: fix cue tracknum off by 1 error

Michael Niedermayer git at videolan.org
Sat Feb 23 23:16:31 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Feb 23 23:05:44 2013 +0100| [285485ac5f896cc450e0183daa41a8ee63d17076] | committer: Michael Niedermayer

matroskaenc: fix cue tracknum off by 1 error

Fixes out of array accesses

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=285485ac5f896cc450e0183daa41a8ee63d17076
---

 libavformat/matroskaenc.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c
index 4fbb410..4544f8e 100644
--- a/libavformat/matroskaenc.c
+++ b/libavformat/matroskaenc.c
@@ -407,9 +407,11 @@ static int64_t mkv_write_cues(AVIOContext *pb, mkv_cues *cues, mkv_track *tracks
         for (j = 0; j < num_tracks; j++)
             tracks[j].has_cue = 0;
         for (j = 0; j < cues->num_entries - i && entry[j].pts == pts; j++) {
-            if (tracks[entry[j].tracknum].has_cue)
+            int tracknum = entry[j].tracknum - 1;
+            av_assert0(tracknum>=0 && tracknum<num_tracks);
+            if (tracks[tracknum].has_cue)
                 continue;
-            tracks[entry[j].tracknum].has_cue = 1;
+            tracks[tracknum].has_cue = 1;
             track_positions = start_ebml_master(pb, MATROSKA_ID_CUETRACKPOSITION, MAX_CUETRACKPOS_SIZE);
             put_ebml_uint(pb, MATROSKA_ID_CUETRACK          , entry[j].tracknum   );
             put_ebml_uint(pb, MATROSKA_ID_CUECLUSTERPOSITION, entry[j].cluster_pos);



More information about the ffmpeg-cvslog mailing list