Ping for review.
> On Sep 24, 2020, at 1:28 AM, Zhao Zhili <quinkbl...@foxmail.com> wrote:
>
> If sc->ctts_allocated_size is larger than the new buffer size,
> av_fast_realloc() will return NULL. Since sc->ctts_data is freed,
> ctts_allocated_size should be reset to zero. It's better to avoid
> free sc->ctts_data at the first place to make better use of
> av_fast_realloc().
> ---
> libavformat/mov.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index dcd263b02a..fcb5a583bd 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -3014,6 +3014,7 @@ static int mov_read_ctts(MOVContext *c, AVIOContext
> *pb, MOVAtom atom)
> {
> AVStream *st;
> MOVStreamContext *sc;
> + MOVStts *ctts_data;
> unsigned int i, entries, ctts_count = 0;
>
> if (c->fc->nb_streams < 1)
> @@ -3031,10 +3032,13 @@ static int mov_read_ctts(MOVContext *c, AVIOContext
> *pb, MOVAtom atom)
> return 0;
> if (entries >= UINT_MAX / sizeof(*sc->ctts_data))
> return AVERROR_INVALIDDATA;
> - av_freep(&sc->ctts_data);
> - sc->ctts_data = av_fast_realloc(NULL, &sc->ctts_allocated_size, entries
> * sizeof(*sc->ctts_data));
> - if (!sc->ctts_data)
> + ctts_data = av_fast_realloc(sc->ctts_data, &sc->ctts_allocated_size,
> entries * sizeof(*sc->ctts_data));
> + if (!ctts_data) {
> + av_freep(&sc->ctts_data);
> + sc->ctts_allocated_size = 0;
> return AVERROR(ENOMEM);
> + }
> + sc->ctts_data = ctts_data;
>
> for (i = 0; i < entries && !pb->eof_reached; i++) {
> int count = avio_rb32(pb);
> --
> 2.25.1
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
