diff mbox

[FFmpeg-devel] Fix stts_data memory allocation

Message ID CAF1j9YPT6FeCy42qYPEo0_nSR238E_hLFtMQKY_E4KgBfVsstw@mail.gmail.com
State New
Headers show

Commit Message

Xiaohan Wang (王消寒) Feb. 13, 2018, 10:48 p.m. UTC

Comments

Carl Eugen Hoyos Feb. 14, 2018, 12:06 a.m. UTC | #1 
2018-02-13 23:48 GMT+01:00 Xiaohan Wang (王消寒) <xhwang@chromium.org>:

Thank you for the fix!
(What's wrong with "unsigned"?)

Carl Eugen
Xiaohan Wang (王消寒) Feb. 14, 2018, 12:08 a.m. UTC | #2 
"unsigned" is perfectly fine. Just trying to be consistent with the line
above.

On Tue, Feb 13, 2018 at 4:06 PM, Carl Eugen Hoyos <ceffmpeg@gmail.com>
wrote:

> 2018-02-13 23:48 GMT+01:00 Xiaohan Wang (王消寒) <xhwang@chromium.org>:
>
> Thank you for the fix!
> (What's wrong with "unsigned"?)
>
> Carl Eugen
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
Xiaohan Wang (王消寒) March 6, 2018, 10:24 p.m. UTC | #3 
kingly ping!

On Tue, Feb 13, 2018 at 4:08 PM, Xiaohan Wang (王消寒) <xhwang@chromium.org>
wrote:

> "unsigned" is perfectly fine. Just trying to be consistent with the line
> above.
>
> On Tue, Feb 13, 2018 at 4:06 PM, Carl Eugen Hoyos <ceffmpeg@gmail.com>
> wrote:
>
>> 2018-02-13 23:48 GMT+01:00 Xiaohan Wang (王消寒) <xhwang@chromium.org>:
>>
>> Thank you for the fix!
>> (What's wrong with "unsigned"?)
>>
>> Carl Eugen
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel@ffmpeg.org
>> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>
>
>
Michael Niedermayer March 9, 2018, 1:41 a.m. UTC | #4 
On Tue, Mar 06, 2018 at 02:24:51PM -0800, Xiaohan Wang (王消寒) wrote:
> kingly ping!

will apply

thx

[...]
diff mbox

Patch

From 241d5e45eb8750521d07d07aa55ea637359ab55d Mon Sep 17 00:00:00 2001
From: Xiaohan Wang <xhwang@chromium.org>
Date: Tue, 13 Feb 2018 14:45:14 -0800
Subject: [PATCH] ffmpeg: Fix stts_data memory allocation

In this loop, |i| is the "index". And the memory allocated should be at
least the current "count", which is |i + 1|.

BUG=801821
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 5adba52e08..1e02ffb445 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2882,7 +2882,7 @@  static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     for (i = 0; i < entries && !pb->eof_reached; i++) {
         int sample_duration;
         unsigned int sample_count;
-        unsigned min_entries = FFMIN(FFMAX(i, 1024 * 1024), entries);
+        unsigned int min_entries = FFMIN(FFMAX(i + 1, 1024 * 1024), entries);
         MOVStts *stts_data = av_fast_realloc(sc->stts_data, &alloc_size,
                                              min_entries * sizeof(*sc->stts_data));
         if (!stts_data) {
-- 
2.16.1.291.g4437f3f132-goog