Commit 6a63ff19 authored by Baptiste Coudurier's avatar Baptiste Coudurier

check stream existence before assignment, fix #1222

Originally committed as revision 19259 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent 2722c3a3
...@@ -244,10 +244,15 @@ static int mov_read_default(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -244,10 +244,15 @@ static int mov_read_default(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
static int mov_read_dref(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_dref(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
MOVStreamContext *sc = st->priv_data; MOVStreamContext *sc;
int entries, i, j; int entries, i, j;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
sc = st->priv_data;
get_be32(pb); // version + flags get_be32(pb); // version + flags
entries = get_be32(pb); entries = get_be32(pb);
if (entries >= UINT_MAX / sizeof(*sc->drefs)) if (entries >= UINT_MAX / sizeof(*sc->drefs))
...@@ -390,9 +395,13 @@ static const AVCodecTag mp4_audio_types[] = { ...@@ -390,9 +395,13 @@ static const AVCodecTag mp4_audio_types[] = {
static int mov_read_esds(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_esds(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
int tag, len; int tag, len;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
get_be32(pb); /* version + flags */ get_be32(pb); /* version + flags */
len = mp4_read_descr(c, pb, &tag); len = mp4_read_descr(c, pb, &tag);
if (tag == MP4ESDescrTag) { if (tag == MP4ESDescrTag) {
...@@ -449,7 +458,12 @@ static int mov_read_pasp(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -449,7 +458,12 @@ static int mov_read_pasp(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
const int num = get_be32(pb); const int num = get_be32(pb);
const int den = get_be32(pb); const int den = get_be32(pb);
AVStream * const st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
if (den != 0) { if (den != 0) {
if ((st->sample_aspect_ratio.den != 1 || st->sample_aspect_ratio.num) && // default if ((st->sample_aspect_ratio.den != 1 || st->sample_aspect_ratio.num) && // default
(den != st->sample_aspect_ratio.den || num != st->sample_aspect_ratio.num)) (den != st->sample_aspect_ratio.den || num != st->sample_aspect_ratio.num))
...@@ -503,12 +517,18 @@ static int mov_read_moof(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -503,12 +517,18 @@ static int mov_read_moof(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
static int mov_read_mdhd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_mdhd(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
MOVStreamContext *sc = st->priv_data; MOVStreamContext *sc;
int version = get_byte(pb); int version;
char language[4] = {0}; char language[4] = {0};
unsigned lang; unsigned lang;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
sc = st->priv_data;
version = get_byte(pb);
if (version > 1) if (version > 1)
return -1; /* unsupported */ return -1; /* unsupported */
...@@ -570,7 +590,11 @@ static int mov_read_mvhd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -570,7 +590,11 @@ static int mov_read_mvhd(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
static int mov_read_smi(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_smi(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
if((uint64_t)atom.size > (1<<30)) if((uint64_t)atom.size > (1<<30))
return -1; return -1;
...@@ -590,9 +614,14 @@ static int mov_read_smi(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -590,9 +614,14 @@ static int mov_read_smi(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
static int mov_read_enda(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_enda(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
int little_endian = get_be16(pb); int little_endian;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
little_endian = get_be16(pb);
dprintf(c->fc, "enda %d\n", little_endian); dprintf(c->fc, "enda %d\n", little_endian);
if (little_endian == 1) { if (little_endian == 1) {
switch (st->codec->codec_id) { switch (st->codec->codec_id) {
...@@ -642,7 +671,11 @@ static int mov_read_extradata(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -642,7 +671,11 @@ static int mov_read_extradata(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
static int mov_read_wave(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_wave(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
if((uint64_t)atom.size > (1<<30)) if((uint64_t)atom.size > (1<<30))
return -1; return -1;
...@@ -669,7 +702,11 @@ static int mov_read_wave(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -669,7 +702,11 @@ static int mov_read_wave(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
*/ */
static int mov_read_glbl(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_glbl(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
if((uint64_t)atom.size > (1<<30)) if((uint64_t)atom.size > (1<<30))
return -1; return -1;
...@@ -685,10 +722,15 @@ static int mov_read_glbl(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -685,10 +722,15 @@ static int mov_read_glbl(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
static int mov_read_stco(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stco(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
MOVStreamContext *sc = st->priv_data; MOVStreamContext *sc;
unsigned int i, entries; unsigned int i, entries;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
sc = st->priv_data;
get_byte(pb); /* version */ get_byte(pb); /* version */
get_be24(pb); /* flags */ get_be24(pb); /* flags */
...@@ -751,10 +793,15 @@ static enum CodecID mov_get_lpcm_codec_id(int bps, int flags) ...@@ -751,10 +793,15 @@ static enum CodecID mov_get_lpcm_codec_id(int bps, int flags)
static int mov_read_stsd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stsd(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
MOVStreamContext *sc = st->priv_data; MOVStreamContext *sc;
int j, entries, pseudo_stream_id; int j, entries, pseudo_stream_id;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
sc = st->priv_data;
get_byte(pb); /* version */ get_byte(pb); /* version */
get_be24(pb); /* flags */ get_be24(pb); /* flags */
...@@ -1078,10 +1125,15 @@ static int mov_read_stsd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -1078,10 +1125,15 @@ static int mov_read_stsd(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
static int mov_read_stsc(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stsc(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
MOVStreamContext *sc = st->priv_data; MOVStreamContext *sc;
unsigned int i, entries; unsigned int i, entries;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
sc = st->priv_data;
get_byte(pb); /* version */ get_byte(pb); /* version */
get_be24(pb); /* flags */ get_be24(pb); /* flags */
...@@ -1135,10 +1187,15 @@ static int mov_read_stps(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -1135,10 +1187,15 @@ static int mov_read_stps(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
static int mov_read_stss(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stss(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
MOVStreamContext *sc = st->priv_data; MOVStreamContext *sc;
unsigned int i, entries; unsigned int i, entries;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
sc = st->priv_data;
get_byte(pb); /* version */ get_byte(pb); /* version */
get_be24(pb); /* flags */ get_be24(pb); /* flags */
...@@ -1162,12 +1219,17 @@ static int mov_read_stss(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -1162,12 +1219,17 @@ static int mov_read_stss(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
static int mov_read_stsz(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stsz(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
MOVStreamContext *sc = st->priv_data; MOVStreamContext *sc;
unsigned int i, entries, sample_size, field_size, num_bytes; unsigned int i, entries, sample_size, field_size, num_bytes;
GetBitContext gb; GetBitContext gb;
unsigned char* buf; unsigned char* buf;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
sc = st->priv_data;
get_byte(pb); /* version */ get_byte(pb); /* version */
get_be24(pb); /* flags */ get_be24(pb); /* flags */
...@@ -1225,12 +1287,17 @@ static int mov_read_stsz(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -1225,12 +1287,17 @@ static int mov_read_stsz(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
static int mov_read_stts(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stts(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
MOVStreamContext *sc = st->priv_data; MOVStreamContext *sc;
unsigned int i, entries; unsigned int i, entries;
int64_t duration=0; int64_t duration=0;
int64_t total_sample_count=0; int64_t total_sample_count=0;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
sc = st->priv_data;
get_byte(pb); /* version */ get_byte(pb); /* version */
get_be24(pb); /* flags */ get_be24(pb); /* flags */
entries = get_be32(pb); entries = get_be32(pb);
...@@ -1290,10 +1357,15 @@ static int mov_read_cslg(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -1290,10 +1357,15 @@ static int mov_read_cslg(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
static int mov_read_ctts(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_ctts(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
{ {
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
MOVStreamContext *sc = st->priv_data; MOVStreamContext *sc;
unsigned int i, entries; unsigned int i, entries;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
sc = st->priv_data;
get_byte(pb); /* version */ get_byte(pb); /* version */
get_be24(pb); /* flags */ get_be24(pb); /* flags */
entries = get_be32(pb); entries = get_be32(pb);
...@@ -1547,10 +1619,16 @@ static int mov_read_tkhd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) ...@@ -1547,10 +1619,16 @@ static int mov_read_tkhd(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
int height; int height;
int64_t disp_transform[2]; int64_t disp_transform[2];
int display_matrix[3][2]; int display_matrix[3][2];
AVStream *st = c->fc->streams[c->fc->nb_streams-1]; AVStream *st;
MOVStreamContext *sc = st->priv_data; MOVStreamContext *sc;
int version = get_byte(pb); int version;
if (c->fc->nb_streams < 1)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
sc = st->priv_data;
version = get_byte(pb);
get_be24(pb); /* flags */ get_be24(pb); /* flags */
/* /*
MOV_TRACK_ENABLED 0x0001 MOV_TRACK_ENABLED 0x0001
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment