From 7c1e6b50ebe35b2a38c4f1d0a988e31eccbd0ead Mon Sep 17 00:00:00 2001
From: Xiaohan Wang <xhw...@chromium.org>
Date: Thu, 15 Feb 2018 12:05:53 -0800
Subject: [PATCH] ffmpeg: Fix memset size on ctts_data in mov_read_trun()

The allocated size of sc->ctts_data is (st->nb_index_entries + entries) * sizeof(*sc->ctts_data). The size to memset at offset sc->ctts_data + sc->ctts_count should be (st->nb_index_entries + entries - sc->ctts_count) * sizeof(*sc->ctts_data)) The current code missed |entries| I believe. BUG=812567 --- libavformat/mov.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index a3725692a7..6407d60050 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -4723,7 +4723,8 @@ static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom) // zero valued entries. This ensures clips which mix boxes with and // without ctts entries don't pickup uninitialized data. memset(sc->ctts_data + sc->ctts_count, 0, - (st->nb_index_entries - sc->ctts_count) * sizeof(*sc->ctts_data)); + (st->nb_index_entries + entries - sc->ctts_count) * + sizeof(*sc->ctts_data)); if (index_entry_pos < st->nb_index_entries) { // Make hole in index_entries and ctts_data for new samples -- 2.16.1.291.g4437f3f132-goog
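Review bot: The new memset length in mov_read_trun() repeats the element count by hand as st->nb_index_entries + entries, while the allocation it has to match sits outside this hunk, so the two expressions can drift apart again the same way they did here. Consider computing the new total once in a local variable and using it for both the allocation of sc->ctts_data and this memset. The length also relies on sc->ctts_count being no larger than st->nb_index_entries + entries, which nothing in the visible lines checks. If that ordering is guaranteed by earlier code, a short comment or an assertion next to the memset would make it reviewable. If it is not, the subtraction needs a guard before it is turned into a byte count. The commit message says "I believe" about the missing entries term, so it would help to cite the allocation line in the message so the size claim can be verified from the log alone.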