Patch looks good to me. Thanks for the fix.

On Mon, Oct 31, 2016 at 5:17 PM, Andreas Cadhalpun <andreas.cadhal...@googlemail.com> wrote:

> On 31.10.2016 19:20, Sasi Inguva wrote:
> > First of all, if nb_old == 0 i.e. there are no entries in AVIndex, then
> > there is no point in calling mov_fix_index function at all. So instead of
> > doing the above, you can directly check for st->nb_index_entries > 0 at
> > the top of mov_fix_index and return otherwise.
>
> OK, patch doing that is attached.
>
> > Also, I don't understand how nb_old==0 can cause heap overflow. If I read
> > the code correctly, if nb_old==0 find_prev_closest_keyframe_index should
> > return -1, which would make the function skip that edit list here
> >
> > if (index == -1) {
> >     av_log(mov->fc, AV_LOG_ERROR, "Missing key frame while reordering index according to edit list\n");
> >     continue;
> > }
>
> This check is four lines below the heap buffer overflow, which is
> obviously too late.
>
> Best regards,
> Andreas
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
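The two points raised in the thread, an early return when the index is empty and checking the lookup result before the first array access that depends on it, as an added illustration that is not ffmpeg's code and not the patch under discussion. `IndexEntry`, `find_prev_keyframe` and `fix_index` are simplified stand-ins for `AVIndexEntry`, `find_prev_closest_keyframe_index` and `mov_fix_index`; the sample index and edit list are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for AVIndexEntry (hypothetical, not ffmpeg's struct). */
typedef struct {
    int64_t timestamp;
    int     flags;      /* KEYFRAME bit set when the sample is a keyframe */
} IndexEntry;

#define KEYFRAME 1

/* Hypothetical analogue of find_prev_closest_keyframe_index: returns the
 * position of the last keyframe at or before `target`, or -1 when there is
 * none, which includes the case nb_entries == 0. */
static int find_prev_keyframe(const IndexEntry *entries, int nb_entries, int64_t target)
{
    int found = -1;
    for (int i = 0; i < nb_entries; i++) {
        if (entries[i].timestamp > target)
            break;
        if (entries[i].flags & KEYFRAME)
            found = i;
    }
    return found;
}

/* Hypothetical analogue of mov_fix_index. For every edit it looks up the
 * preceding keyframe and copies its timestamp to `out`. Returns the number
 * of edits applied; 0 when the index is empty. */
static int fix_index(const IndexEntry *entries, int nb_entries,
                     const int64_t *edit_starts, int nb_edits,
                     int64_t *out, int out_cap)
{
    int applied = 0;

    /* The guard suggested in the thread: with no index entries there is
     * nothing to fix, and any entries[...] access below would be out of
     * bounds, so return before touching the array at all. */
    if (entries == NULL || nb_entries <= 0)
        return 0;

    for (int e = 0; e < nb_edits && applied < out_cap; e++) {
        int index = find_prev_keyframe(entries, nb_entries, edit_starts[e]);

        /* The -1 check must sit before the first entries[index] read; a
         * check placed after that read is what the thread calls "too late". */
        if (index == -1) {
            fprintf(stderr, "Missing key frame while reordering index according to edit list\n");
            continue;
        }
        out[applied++] = entries[index].timestamp;
    }
    return applied;
}

/* Constructed sample data: keyframes at 0 and 20, non-keyframes at 10 and 30. */
static const IndexEntry sample_entries[] = {
    { 0, KEYFRAME }, { 10, 0 }, { 20, KEYFRAME }, { 30, 0 }
};
static const int64_t sample_edits[] = { 15, 25, -5 }; /* -5 has no keyframe before it */
static int64_t demo_out[4];

/* Runs fix_index over the sample data; returns the number of edits applied. */
static int demo_count(void)
{
    return fix_index(sample_entries, 4, sample_edits, 3, demo_out, 4);
}

/* Timestamp written for applied edit i (call demo_count first). */
static int64_t demo_timestamp(int i)
{
    return demo_out[i];
}

/* Same call with an empty index: must return 0 without reading anything. */
static int demo_empty_count(void)
{
    return fix_index(sample_entries, 0, sample_edits, 3, demo_out, 4);
}

int main(void)
{
    int n = demo_count();
    printf("applied %d edits\n", n);
    for (int i = 0; i < n; i++)
        printf("  edit -> keyframe timestamp %lld\n", (long long)demo_timestamp(i));
    printf("empty index: %d edits applied\n", demo_empty_count());
    return 0;
}
```

With the sample data the first two edits resolve to the keyframes at 0 and 20 and the third is skipped with the log message; the empty-index call returns before the loop and never indexes the array.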