[FFmpeg-cvslog] avformat/mov: Check that we have a stream before accessing it in mov_read_ares()

Michael Niedermayer git at videolan.org
Wed Jan 8 01:27:52 CET 2014


ffmpeg | branch: release/2.1 | Michael Niedermayer <michaelni at gmx.at> | Fri Nov 22 20:09:03 2013 +0100| [580d3ef6fea356785496b9b06798b7aa7080c0ea] | committer: Michael Niedermayer

avformat/mov: Check that we have a stream before accessing it in mov_read_ares()

Fixes out of array read
Fixes: signal_sigsegv_6f1855_3910_avid_test_alpha.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit a7f27453f64d9020b92b01687baeb5909c6cdad0)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=580d3ef6fea356785496b9b06798b7aa7080c0ea
---

 libavformat/mov.c |   20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index eec8485..c5d4dcb 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1042,15 +1042,17 @@ static int mov_read_targa_y216(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 
 static int mov_read_ares(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 {
-    AVCodecContext *codec = c->fc->streams[c->fc->nb_streams-1]->codec;
-    if (codec->codec_tag == MKTAG('A', 'V', 'i', 'n') &&
-        codec->codec_id == AV_CODEC_ID_H264 &&
-        atom.size > 11) {
-        avio_skip(pb, 10);
-        /* For AVID AVCI50, force width of 1440 to be able to select the correct SPS and PPS */
-        if (avio_rb16(pb) == 0xd4d)
-            codec->width = 1440;
-        return 0;
+    if (c->fc->nb_streams >= 1) {
+        AVCodecContext *codec = c->fc->streams[c->fc->nb_streams-1]->codec;
+        if (codec->codec_tag == MKTAG('A', 'V', 'i', 'n') &&
+            codec->codec_id == AV_CODEC_ID_H264 &&
+            atom.size > 11) {
+            avio_skip(pb, 10);
+            /* For AVID AVCI50, force width of 1440 to be able to select the correct SPS and PPS */
+            if (avio_rb16(pb) == 0xd4d)
+                codec->width = 1440;
+            return 0;
+        }
     }
 
     return mov_read_avid(c, pb, atom);



More information about the ffmpeg-cvslog mailing list