[FFmpeg-devel] [PATCH 2/2] avformat/mov: Check stts before move
Michael Niedermayer
michael at niedermayer.cc
Sun Jan 5 06:44:26 EET 2025
Fixes: out of array access
Fixes: 8bcg9j
Regression-since: 865c73c86f9d9d167be7e41ad6cef71eba92dadd (This should be reviewed again)
Found-by: 苏童 <220235212 at seu.edu.cn>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/mov.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 2931deab6e5..6dde2794613 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5941,9 +5941,11 @@ static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom)
memmove(sc->ctts_data + index_entry_pos + entries,
sc->ctts_data + index_entry_pos,
sizeof(*sc->ctts_data) * (sc->ctts_count - index_entry_pos));
- memmove(sc->stts_data + index_entry_pos + entries,
- sc->stts_data + index_entry_pos,
- sizeof(*sc->stts_data) * (sc->stts_count - index_entry_pos));
+
+ if (sc->stts_count > index_entry_pos)
+ memmove(sc->stts_data + index_entry_pos + entries,
+ sc->stts_data + index_entry_pos,
+ sizeof(*sc->stts_data) * (sc->stts_count - index_entry_pos));
if (index_entry_pos < sc->current_sample) {
sc->current_sample += entries;
}
--
2.47.0
More information about the ffmpeg-devel
mailing list