[FFmpeg-cvslog] lavf/mov: don't read outside frag_index bounds
John Stebbins
git at videolan.org
Sat Nov 18 12:59:01 EET 2017
ffmpeg | branch: master | John Stebbins <jstebbins at jetheaddev.com> | Fri Nov 17 08:21:02 2017 -0800| [20c38f2e7085ce02c19df965d02ecdf5628f11b8] | committer: Michael Niedermayer
lavf/mov: don't read outside frag_index bounds
Potentially fixes:
https://bugs.chromium.org/p/chromium/issues/detail?id=786269#c1
In theory, the crash can be triggered by an invalid stream that has
either tfdt or trun outside of the moof
Reviewed-by: Dale Curtis <dalecurtis at chromium.org>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20c38f2e7085ce02c19df965d02ecdf5628f11b8
---
libavformat/mov.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 3eef043046..5c9f926bce 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1188,6 +1188,10 @@ static void set_frag_stream(MOVFragmentIndex *frag_index, int id)
static MOVFragmentStreamInfo * get_current_frag_stream_info(
MOVFragmentIndex *frag_index)
{
+ if (frag_index->current < 0 ||
+ frag_index->current >= frag_index->nb_items)
+ return NULL;
+
MOVFragmentIndexItem * item = &frag_index->item[frag_index->current];
if (item->current >= 0 && item->current < item->nb_stream_info)
return &item->stream_info[item->current];
More information about the ffmpeg-cvslog
mailing list