[FFmpeg-cvslog] avformat/mov: Initialize a potential gap in ctts_data in mov_build_index

Matt Wolenetz git at videolan.org
Mon Mar 5 02:17:04 EET 2018

ffmpeg | branch: master | Matt Wolenetz <wolenetz at chromium.org> | Fri Mar  2 15:12:41 2018 -0800| [133ddd38750acc01d0a9599d5b31375d33798d67] | committer: Michael Niedermayer

avformat/mov: Initialize a potential gap in ctts_data in mov_build_index

mov_read_ctts ignores ctts entries having count <= 0. Generally, the
aggregate of all ctts entries' count fields resulting from mov_read_ctts
can be less than the corresponding sample_count.

mov_build_index attempts to normalize any existing ctts_data counts to
be 1, to make a 1-1 mapping of a ctts_data entry to a sample.

That 1-1 mapping left a tail of uninitialized ctts_data entries when the
aggregate, normalized ctts_count < sample_count.

Even more generally, later usage of ctts_data may depend on the entire
ctts_allocated_size having been initialized.

This change memsets the entire allocation of the normalized ctts_data in
mov_build_index, to prevent use of uninitialized data later.


Change-Id: I7fd7db255e3aeed076ee32c90cb2df211741c052
Reviewed-on: https://chromium-review.googlesource.com/947110
Reviewed-by: Xiaohan Wang <xhwang at chromium.org>

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=133ddd38750acc01d0a9599d5b31375d33798d67

 libavformat/mov.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 00b3b25944..95b9cd3f8b 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3747,6 +3747,9 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
+            memset((uint8_t*)(sc->ctts_data), 0, sc->ctts_allocated_size);
             for (i = 0; i < ctts_count_old &&
                         sc->ctts_count < sc->sample_count; i++)
                 for (j = 0; j < ctts_data_old[i].count &&

More information about the ffmpeg-cvslog mailing list