From 6a63ff19b6a7fe3bc32c7fb4a62fca8f65786432 Mon Sep 17 00:00:00 2001 From: Baptiste Coudurier Date: Wed, 24 Jun 2009 03:38:47 +0000 Subject: [PATCH] check stream existence before assignment, fix #1222 Originally committed as revision 19259 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavformat/mov.c | 136 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 107 insertions(+), 29 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index da38b15f1e..718c5e497a 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -244,10 +244,15 @@ static int mov_read_default(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_dref(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; int entries, i, j; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_be32(pb); // version + flags entries = get_be32(pb); if (entries >= UINT_MAX / sizeof(*sc->drefs)) @@ -390,9 +395,13 @@ static const AVCodecTag mp4_audio_types[] = { static int mov_read_esds(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; + AVStream *st; int tag, len; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + get_be32(pb); /* version + flags */ len = mp4_read_descr(c, pb, &tag); if (tag == MP4ESDescrTag) { @@ -449,7 +458,12 @@ static int mov_read_pasp(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { const int num = get_be32(pb); const int den = get_be32(pb); - AVStream * const st = c->fc->streams[c->fc->nb_streams-1]; + AVStream *st; + + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + if (den != 0) { if ((st->sample_aspect_ratio.den != 1 || st->sample_aspect_ratio.num) && // default (den != st->sample_aspect_ratio.den || num != st->sample_aspect_ratio.num)) @@ -503,12 +517,18 @@ static int mov_read_moof(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_mdhd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; - int version = get_byte(pb); + AVStream *st; + MOVStreamContext *sc; + int version; char language[4] = {0}; unsigned lang; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + + version = get_byte(pb); if (version > 1) return -1; /* unsupported */ @@ -570,7 +590,11 @@ static int mov_read_mvhd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_smi(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; + AVStream *st; + + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; if((uint64_t)atom.size > (1<<30)) return -1; @@ -590,9 +614,14 @@ static int mov_read_smi(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_enda(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - int little_endian = get_be16(pb); + AVStream *st; + int little_endian; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + + little_endian = get_be16(pb); dprintf(c->fc, "enda %d\n", little_endian); if (little_endian == 1) { switch (st->codec->codec_id) { @@ -642,7 +671,11 @@ static int mov_read_extradata(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_wave(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; + AVStream *st; + + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; if((uint64_t)atom.size > (1<<30)) return -1; @@ -669,7 +702,11 @@ static int mov_read_wave(MOVContext *c, ByteIOContext *pb, MOVAtom atom) */ static int mov_read_glbl(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; + AVStream *st; + + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; if((uint64_t)atom.size > (1<<30)) return -1; @@ -685,10 +722,15 @@ static int mov_read_glbl(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stco(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; unsigned int i, entries; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ @@ -751,10 +793,15 @@ static enum CodecID mov_get_lpcm_codec_id(int bps, int flags) static int mov_read_stsd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; int j, entries, pseudo_stream_id; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ @@ -1078,10 +1125,15 @@ static int mov_read_stsd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stsc(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; unsigned int i, entries; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ @@ -1135,10 +1187,15 @@ static int mov_read_stps(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stss(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; unsigned int i, entries; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ @@ -1162,12 +1219,17 @@ static int mov_read_stss(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stsz(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; unsigned int i, entries, sample_size, field_size, num_bytes; GetBitContext gb; unsigned char* buf; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ @@ -1225,12 +1287,17 @@ static int mov_read_stsz(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_stts(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; unsigned int i, entries; int64_t duration=0; int64_t total_sample_count=0; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ entries = get_be32(pb); @@ -1290,10 +1357,15 @@ static int mov_read_cslg(MOVContext *c, ByteIOContext *pb, MOVAtom atom) static int mov_read_ctts(MOVContext *c, ByteIOContext *pb, MOVAtom atom) { - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; + AVStream *st; + MOVStreamContext *sc; unsigned int i, entries; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + get_byte(pb); /* version */ get_be24(pb); /* flags */ entries = get_be32(pb); @@ -1547,10 +1619,16 @@ static int mov_read_tkhd(MOVContext *c, ByteIOContext *pb, MOVAtom atom) int height; int64_t disp_transform[2]; int display_matrix[3][2]; - AVStream *st = c->fc->streams[c->fc->nb_streams-1]; - MOVStreamContext *sc = st->priv_data; - int version = get_byte(pb); + AVStream *st; + MOVStreamContext *sc; + int version; + if (c->fc->nb_streams < 1) + return 0; + st = c->fc->streams[c->fc->nb_streams-1]; + sc = st->priv_data; + + version = get_byte(pb); get_be24(pb); /* flags */ /* MOV_TRACK_ENABLED 0x0001