Commit 4f7c7624 authored by Ronald S. Bultje

mov: don't overwrite existing indexes.

Prevents all kinds of badness if files contain multiple
indexes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
parent 0399fe0f
...@@ -1727,6 +1727,7 @@ static void mov_build_index(MOVContext *mov, AVStream *st) ...@@ -1727,6 +1727,7 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
unsigned int stps_index = 0; unsigned int stps_index = 0;
unsigned int i, j; unsigned int i, j;
uint64_t stream_size = 0; uint64_t stream_size = 0;
AVIndexEntry *mem;
/* adjust first dts according to edit list */ /* adjust first dts according to edit list */
if (sc->time_offset && mov->time_scale > 0) { if (sc->time_offset && mov->time_scale > 0) {
...@@ -1755,12 +1756,13 @@ static void mov_build_index(MOVContext *mov, AVStream *st) ...@@ -1755,12 +1756,13 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
if (!sc->sample_count) if (!sc->sample_count)
return; return;
if (sc->sample_count >= UINT_MAX / sizeof(*st->index_entries)) if (sc->sample_count >= UINT_MAX / sizeof(*st->index_entries) - st->nb_index_entries)
return; return;
st->index_entries = av_malloc(sc->sample_count*sizeof(*st->index_entries)); mem = av_realloc(st->index_entries, (st->nb_index_entries + sc->sample_count) * sizeof(*st->index_entries));
if (!st->index_entries) if (!mem)
return; return;
st->index_entries_allocated_size = sc->sample_count*sizeof(*st->index_entries); st->index_entries = mem;
st->index_entries_allocated_size = (st->nb_index_entries + sc->sample_count) * sizeof(*st->index_entries);
for (i = 0; i < sc->chunk_count; i++) { for (i = 0; i < sc->chunk_count; i++) {
current_offset = sc->chunk_offsets[i]; current_offset = sc->chunk_offsets[i];
...@@ -1844,12 +1846,13 @@ static void mov_build_index(MOVContext *mov, AVStream *st) ...@@ -1844,12 +1846,13 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
} }
av_dlog(mov->fc, "chunk count %d\n", total); av_dlog(mov->fc, "chunk count %d\n", total);
if (total >= UINT_MAX / sizeof(*st->index_entries)) if (total >= UINT_MAX / sizeof(*st->index_entries) - st->nb_index_entries)
return; return;
st->index_entries = av_malloc(total*sizeof(*st->index_entries)); mem = av_realloc(st->index_entries, (st->nb_index_entries + total) * sizeof(*st->index_entries));
if (!st->index_entries) if (!mem)
return; return;
st->index_entries_allocated_size = total*sizeof(*st->index_entries); st->index_entries = mem;
st->index_entries_allocated_size = (st->nb_index_entries + total) * sizeof(*st->index_entries);
// populate index // populate index
for (i = 0; i < sc->chunk_count; i++) { for (i = 0; i < sc->chunk_count; i++) {
......
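Review bot: The new guard `sc->sample_count >= UINT_MAX / sizeof(*st->index_entries) - st->nb_index_entries`, and the matching `total` guard in the last hunk, are only sound while `st->nb_index_entries` does not exceed the quotient. The subtraction is presumably carried out as unsigned, so a larger value would wrap the right-hand side, the guard would pass, and the size handed to `av_realloc` could overflow. Nothing in these hunks establishes that bound, so I would check it explicitly ahead of each guard: `if (st->nb_index_entries >= UINT_MAX / sizeof(*st->index_entries)) return;`. It would also help to compute the combined entry count once into a local and use it for both the `av_realloc` size and `index_entries_allocated_size`, so the two cannot drift apart. The populate loops of mov_build_index continue outside the hunks shown, so whether their writes stay within the new capacity cannot be confirmed from this page.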