Fixes: out of array access
Fixes: 8bcg9j
Regression-since: 865c73c86f9d9d167be7e41ad6cef71eba92dadd (This should be
reviewed again)
Found-by: 苏童 <220235...@seu.edu.cn>
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
libavformat/mov.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 2931deab6e5..6dde2794613 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5941,9 +5941,11 @@ static int mov_read_trun(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
memmove(sc->ctts_data + index_entry_pos + entries,
sc->ctts_data + index_entry_pos,
sizeof(*sc->ctts_data) * (sc->ctts_count - index_entry_pos));
- memmove(sc->stts_data + index_entry_pos + entries,
- sc->stts_data + index_entry_pos,
- sizeof(*sc->stts_data) * (sc->stts_count - index_entry_pos));
+
+ if (sc->stts_count > index_entry_pos)
+ memmove(sc->stts_data + index_entry_pos + entries,
+ sc->stts_data + index_entry_pos,
+ sizeof(*sc->stts_data) * (sc->stts_count -
index_entry_pos));
if (index_entry_pos < sc->current_sample) {
sc->current_sample += entries;
}
--
2.47.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
