From patchwork Thu Feb 15 20:10:33 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?b?WGlhb2hhbiBXYW5nICjnjovmtojlr5Ip?=
 <xhwang@chromium.org>
X-Patchwork-Id: 7607
Delivered-To: ffmpegpatchwork@gmail.com
Received: by 10.2.150.1 with SMTP id c1csp2570519jai;
	Thu, 15 Feb 2018 12:16:41 -0800 (PST)
X-Google-Smtp-Source: 
 AH8x227bEeOrFlR4A33ryt89koDTAsrs8jIepjPabaOGXlZmmwNUGx7OdPE7CNdR5VfXqZRBWi38
X-Received: by 10.28.19.15 with SMTP id 15mr3164615wmt.130.1518725801677;
	Thu, 15 Feb 2018 12:16:41 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518725801; cv=none;
	d=google.com; s=arc-20160816;
	b=zBeBVFDsPaMDJ4cpuAexSgqwXkDWPF1zUbA0YBvXuNbtQt1eTGuXtNageK6No25KEl
	nL77qg/z5gdAuLsAhe1V00VokoaIoUZZNQpp3KaVbZbYJdfyewy4WuSvWRHerGZ7VTjB
	BJlQx0ogzOlzpOJAWL0brB2uxWEyHwsgy448qWaq+XNFuepNVhOyl4dMzJ7Dhei1a4sH
	Zppvarff7cqGJPyAn0S0GrVFYMapBvk58xmrrZ04rtCCnGl2/w7jMnNnrLnS7uhC0Q9Q
	KRjcnC9vnX82meApwBWmSJGfOSzhbn1kJlDEnaNX54iwh3KIJynYLoRp6JhjN9EY2ioX
	E6XQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=sender:errors-to:reply-to:list-subscribe:list-help:list-post
	:list-archive:list-unsubscribe:list-id:precedence:subject:to
	:message-id:date:from:mime-version:dkim-signature:dkim-signature
	:delivered-to:arc-authentication-results;
	bh=Ua7IsPcDRU+yI7A4SxayowfxNaKB0CTwYsvhi0r1SIM=;
	b=d2Fc6bxqyl8bV7ctXU5xINZJDTHjnA33y2WVfXmt/YcaZy66u74+/usVLWABoEmiOV
	+M+tEks7/HZQwXPBOkkrPU8q21SJpHc7n/2Dq+/8oeWJqfLv+Gdcef8IQ/AdJIlspo4g
	JjCEcenoJVHRr61qE8aC9+Kkwij7mr6JkoP5eaMdKwgT/G/1yv6EycMNb3DGi07i3tLY
	z4RFBgEz5QuDdxHc/UwMG4Ekh/UNZ8EkAAPkDX270dS0O+Vw9SH/po8w6XgJfJNHiV7j
	+Za9g9hVeV00J5C84YuRfNTwmEL+yqNNjRpVmXzoDPRchr36buh7SLJveqUSKf4IUbkI
	+SAA==
ARC-Authentication-Results: i=1; mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@google.com
	header.s=20161025 header.b=Lu0bdfrc;
	dkim=neutral (body hash did not verify) header.i=@chromium.org
	header.s=google header.b=k0279YYz;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
	by mx.google.com with ESMTP id
	j65si2534102wmb.243.2018.02.15.12.16.40;
	Thu, 15 Feb 2018 12:16:41 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@google.com
	header.s=20161025 header.b=Lu0bdfrc;
	dkim=neutral (body hash did not verify) header.i=@chromium.org
	header.s=google header.b=k0279YYz;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 758A0689F69;
	Thu, 15 Feb 2018 22:16:27 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-yw0-f169.google.com (mail-yw0-f169.google.com
	[209.85.161.169])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3D732689E48
	for <ffmpeg-devel@ffmpeg.org>; Thu, 15 Feb 2018 22:16:21 +0200 (EET)
Received: by mail-yw0-f169.google.com with SMTP id w142so624869ywg.13
	for <ffmpeg-devel@ffmpeg.org>; Thu, 15 Feb 2018 12:16:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=20161025;
	h=mime-version:sender:from:date:message-id:subject:to;
	bh=8vltXUzBSWKnJ6xZVH1gNIyWCgU3jac8Od+j2DTO61E=;
	b=Lu0bdfrcR7QB+6gq7a+47JHy5EyRaKkFI6MZ2ZwwKSH2Uv7+jIaLVzg+RT+Z2NGnoP
	A9C+j094LXf7y3JhtohxRN1faXvHeVvV26v+7pb0Xd/7vpEOt89xBPHrDuPyQALc4aFI
	xpN2VCF+eAj7WrAII74fJM0/2P1NpaPc7YurrgVXCSlSAqu3TpfMQmCPcGzeLN5SYU90
	k/bUGG5Il+YdacEZUGVSdtfLPNap1V5hmshGo1rrwclnLM2iQ6GeMewqOALdifvIjzNj
	viLK2At+dYjN6QWh1M1jG2KmgbMdQ5MX9bSh2RWukBpSyYBe/D3mgpKgT1XFz3M52LOj
	S2zQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org;
	s=google;
	h=mime-version:sender:from:date:message-id:subject:to;
	bh=8vltXUzBSWKnJ6xZVH1gNIyWCgU3jac8Od+j2DTO61E=;
	b=k0279YYzpEgisgMiSMZ4M3Krwqg0xS0xD9aClD35iEgvAidfyTC7JcYb0c3kjvJNxd
	Bn9grwFBWzIXCK5ni9R/HJzjZ24WfJFykRt8taCZk4WrOAJZCO30vF3RVf81XU+8iVcn
	jl+8dbB1BEbti2xJ9EAYwhrp5fFp63x/W8YGw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:sender:from:date:message-id:subject
	:to; bh=8vltXUzBSWKnJ6xZVH1gNIyWCgU3jac8Od+j2DTO61E=;
	b=cojP2vh0qU1xVgyx7jFYvcJU1GR/QDsmMU+4RAUZY6cSCmUvrZ83jomk/h6+ISqaQG
	nb8MQPhS4LoSnmx/85TWhYxWF3ZjZoQ75GRZGydpQOsA9sJ1LyuKMfA2YcQWxoc7+GAO
	W1Gkp2JJIxPhHpKPzZnrKxgULFujZFezykk0tX4rTJ/i2YzYmV0NwzFUpN0Vq03bV4DK
	DJSGQgNtlmPe2ftbWOlxgrzmOJWoNIbXxPSUcTB/jHVt0vSPnNBf8lUY0hSWnv0t79yg
	ae5LIvytRB/f/XSySyZtA9ScJ1R027EVAHiQ+K6DN2b6M60T9BIQ8Cooh0Lc5K0YOoFH
	5nPQ==
X-Gm-Message-State: APf1xPCfxRn8FvlEiFb3bhYnpZNMKWuLNkr0l0vsVXGVbVf4OfVxXkWp
	brczk8C2eRb7l5YWZRoEjIsp/qKs1NQc92wg6X+Yev0c
X-Received: by 10.37.80.23 with SMTP id e23mr2937223ybb.512.1518725454442;
	Thu, 15 Feb 2018 12:10:54 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a25:3414:0:0:0:0:0 with HTTP; Thu, 15 Feb 2018 12:10:33
	-0800 (PST)
From: =?UTF-8?B?WGlhb2hhbiBXYW5nICjnjovmtojlr5Ip?= <xhwang@chromium.org>
Date: Thu, 15 Feb 2018 12:10:33 -0800
X-Google-Sender-Auth: mILOccTLe8fVeK2IEaPcF2zRkPU
Message-ID: 
 <CAF1j9YNW370Fi6VkhTVNBcR+Lst-B62W6eRpuCa9-U28fNMMzQ@mail.gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.20
Subject: [FFmpeg-devel] Fix memset size on ctts_data in mov_read_trun()
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>


From 7c1e6b50ebe35b2a38c4f1d0a988e31eccbd0ead Mon Sep 17 00:00:00 2001
From: Xiaohan Wang <xhwang@chromium.org>
Date: Thu, 15 Feb 2018 12:05:53 -0800
Subject: [PATCH] ffmpeg: Fix memset size on ctts_data in mov_read_trun()

The allocated size of sc->ctts_data is
(st->nb_index_entries + entries) * sizeof(*sc->ctts_data).

The size to memset at offset sc->ctts_data + sc->ctts_count should be
(st->nb_index_entries + entries - sc->ctts_count) * sizeof(*sc->ctts_data))

The current code missed |entries| I believe.

BUG=812567
---
 libavformat/mov.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index a3725692a7..6407d60050 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -4723,7 +4723,8 @@ static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     // zero valued entries. This ensures clips which mix boxes with and
     // without ctts entries don't pickup uninitialized data.
     memset(sc->ctts_data + sc->ctts_count, 0,
-           (st->nb_index_entries - sc->ctts_count) * sizeof(*sc->ctts_data));
+           (st->nb_index_entries + entries - sc->ctts_count) *
+               sizeof(*sc->ctts_data));
 
     if (index_entry_pos < st->nb_index_entries) {
         // Make hole in index_entries and ctts_data for new samples
-- 
2.16.1.291.g4437f3f132-goog