[FFmpeg-devel] [PATCH] Fix 'while' loop condition to prevent movtext crashes by tracking packet size

[Philip Langdale]

On Sun, 17 May 2015 09:56:10 -0700
Philip Langdale <philipl at overt.org> wrote:

> >              tsmb += 4;
> >              tsmb_type = AV_RB32(tsmb);
> > @@ -176,6 +177,7 @@ static int mov_text_decode_frame(AVCodecContext
> > *avctx, av_freep(&style_end);
> >                  av_freep(&style_flags);
> >              }
> > +            tracksize = tracksize + tsmb_size;
> 
> You also need to add +4 for the size field itself (which isn't counted
> in the size value, IIRC. And you'll also need to adjust for large
> boxes when you support those).

Ignore that. It is included.

--phil