ffmpeg | branch: master | John Stebbins <jstebb...@jetheaddev.com> | Fri Nov 17 08:21:02 2017 -0800| [20c38f2e7085ce02c19df965d02ecdf5628f11b8] | committer: Michael Niedermayer
lavf/mov: don't read outside frag_index bounds Potentially fixes: https://bugs.chromium.org/p/chromium/issues/detail?id=786269#c1 In theory, the crash can be triggered by an invalid stream that has either tfdt or trun outside of the moof Reviewed-by: Dale Curtis <dalecur...@chromium.org> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20c38f2e7085ce02c19df965d02ecdf5628f11b8 --- libavformat/mov.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 3eef043046..5c9f926bce 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1188,6 +1188,10 @@ static void set_frag_stream(MOVFragmentIndex *frag_index, int id) static MOVFragmentStreamInfo * get_current_frag_stream_info( MOVFragmentIndex *frag_index) { + if (frag_index->current < 0 || + frag_index->current >= frag_index->nb_items) + return NULL; + MOVFragmentIndexItem * item = &frag_index->item[frag_index->current]; if (item->current >= 0 && item->current < item->nb_stream_info) return &item->stream_info[item->current]; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
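Review bot: In get_current_frag_stream_info(), the new `if (frag_index->current < 0 || frag_index->current >= frag_index->nb_items)` check sits ahead of the declaration `MOVFragmentIndexItem * item = &frag_index->item[frag_index->current];`, so the function now mixes a statement with a later declaration and will trip declaration-after-statement warnings. Declare `MOVFragmentIndexItem *item;` at the top of the function and assign it after the check. The range test itself mirrors the existing `item->current >= 0 && item->current < item->nb_stream_info` test on the inner index, which is the right shape. Since this adds a NULL return for the tfdt or trun outside moof case named in the commit message, and the callers are not visible in this hunk, it is worth confirming that each of them checks the result before dereferencing it.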