[FFmpeg-devel] [PATCH] lavf/mov: don't read outside frag_index bounds
Dale Curtis
dalecurtis at chromium.org
Fri Nov 17 22:23:11 EET 2017
lgtm, fixes the crash and doesn't regress any of our tests.
- dale
On Fri, Nov 17, 2017 at 8:21 AM, John Stebbins <jstebbins at jetheaddev.com>
wrote:
> Potentially fixes:
> https://bugs.chromium.org/p/chromium/issues/detail?id=786269#c1
>
> In theory, the crash can be triggered by an invalid stream that has
> either tfdt or trun outside of the moof
> ---
> libavformat/mov.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index d49d820d2b..0fbc7f54a2 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -1188,6 +1188,10 @@ static void set_frag_stream(MOVFragmentIndex
> *frag_index, int id)
> static MOVFragmentStreamInfo * get_current_frag_stream_info(
> MOVFragmentIndex *frag_index)
> {
> + if (frag_index->current < 0 ||
> + frag_index->current >= frag_index->nb_items)
> + return NULL;
> +
> MOVFragmentIndexItem * item = &frag_index->item[frag_index->current];
> if (item->current >= 0 && item->current < item->nb_stream_info)
> return &item->stream_info[item->current];
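Review bot: the new bounds check in get_current_frag_stream_info() is placed above the initialized declaration `MOVFragmentIndexItem * item = ...`, so that declaration now follows a statement. This mixes declarations and code, which FFmpeg's C style avoids and which warns under -Wdeclaration-after-statement. Declare `MOVFragmentIndexItem *item;` at the top of the function, keep the range check on `frag_index->current` against `frag_index->nb_items` as written, and assign `item = &frag_index->item[frag_index->current];` after it. The check itself mirrors the existing `item->current` / `item->nb_stream_info` test on the inner index, so the outer and inner lookups end up guarded the same way. The callers are not visible in this hunk; any that dereference the returned pointer without a NULL test should be reviewed alongside this change.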
> --
> 2.13.6