[FFmpeg-devel] [PATCH 1/2] avformat/mov: fix potential unsigned underflow in loop condition

[James Almer]

if sc->tts_count is 0, this condition will wrap around to UINT_MAX and the
code will try to dereference a NULL pointer.

Fixes ticket #11417

Signed-off-by: James Almer <jamrial at gmail.com>
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 405d61fdf5..138120488a 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5191,7 +5191,7 @@ static int mov_read_trak(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         }
 
 #if FF_API_R_FRAME_RATE
-        for (int i = 1; sc->stts_count && i < sc->tts_count - 1; i++) {
+        for (unsigned int i = 1; sc->stts_count && i + 1 < sc->tts_count; i++) {
             if (sc->tts_data[i].duration == sc->tts_data[0].duration)
                 continue;
             stts_constant = 0;
-- 
2.48.0