diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-01-25 16:25:39 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-01-29 15:43:13 +0000 |
commit | 2b94bfe47ccb6c08047959d1c26e392919550e86 (patch) | |
tree | 4a9cb6fb333ac7e0e5bfbdd3a8faa219880e193d /chromium/third_party/ffmpeg/libavformat | |
parent | 51f6c2793adab2d864b3d2b360000ef8db1d3e92 (diff) | |
download | qtwebengine-chromium-2b94bfe47ccb6c08047959d1c26e392919550e86.tar.gz |
BASELINE: Update Chromium to 71.0.3578.140
Change-Id: Ia85516cc06e245e449ca8a6652242b8a1bcace74
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'chromium/third_party/ffmpeg/libavformat')
-rw-r--r-- | chromium/third_party/ffmpeg/libavformat/mov.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/chromium/third_party/ffmpeg/libavformat/mov.c b/chromium/third_party/ffmpeg/libavformat/mov.c index 76525e208ee..c656437a8c8 100644 --- a/chromium/third_party/ffmpeg/libavformat/mov.c +++ b/chromium/third_party/ffmpeg/libavformat/mov.c @@ -1326,6 +1326,10 @@ static int update_frag_index(MOVContext *c, int64_t offset) return -1; for (i = 0; i < c->fc->nb_streams; i++) { + // Avoid building frag index if streams lack track id. + if (c->fc->streams[i]->id < 0) + return AVERROR_INVALIDDATA; + frag_stream_info[i].id = c->fc->streams[i]->id; frag_stream_info[i].sidx_pts = AV_NOPTS_VALUE; frag_stream_info[i].tfdt_dts = AV_NOPTS_VALUE; @@ -4180,7 +4184,7 @@ static int mov_read_trak(MOVContext *c, AVIOContext *pb, MOVAtom atom) st = avformat_new_stream(c->fc, NULL); if (!st) return AVERROR(ENOMEM); - st->id = c->fc->nb_streams; + st->id = -1; sc = av_mallocz(sizeof(MOVStreamContext)); if (!sc) return AVERROR(ENOMEM); @@ -4464,6 +4468,11 @@ static int mov_read_tkhd(MOVContext *c, AVIOContext *pb, MOVAtom atom) st = c->fc->streams[c->fc->nb_streams-1]; sc = st->priv_data; + // Each stream (trak) should have exactly 1 tkhd. This catches bad files and + // avoids corrupting AVStreams mapped to an earlier tkhd. + if (st->id != -1) + return AVERROR_INVALIDDATA; + version = avio_r8(pb); flags = avio_rb24(pb); st->disposition |= (flags & MOV_TKHD_FLAG_ENABLED) ? AV_DISPOSITION_DEFAULT : 0; @@ -4730,6 +4739,7 @@ static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom) break; } } + av_assert0(index_entry_pos <= st->nb_index_entries); avio_r8(pb); /* version */ flags = avio_rb24(pb); |