[FFmpeg-devel] [mov] Bail when invalid sample data is present.

Dale Curtis dalecurtis at chromium.org
Tue Aug 1 02:42:20 EEST 2017

I'm not convinced my original patch catches all cases. So here's an updated
one which explicitly verifies the contract.

- dale

On Mon, Jul 31, 2017 at 2:40 PM, Dale Curtis <dalecurtis at chromium.org>

> [mov] Bail when invalid sample data is present.
> ctts data in ffmpeg relies on the index entries array to be 1:1
> with samples... yet sc->sample_count can be read directly from
> the 'stsz' box and index entries are only generated if a chunk
> count has been read from 'stco' box.
> Ensure that if sc->sample_count > 0, sc->chunk_count is too.
> This should be applied on top of the ctts fixes in my previous patch.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sample_count_fix_v2.patch
Type: text/x-patch
Size: 2200 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20170731/64846976/attachment.bin>

More information about the ffmpeg-devel mailing list