From patchwork Tue Feb 13 22:48:28 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?b?WGlhb2hhbiBXYW5nICjnjovmtojlr5Ip?=
 <xhwang@chromium.org>
X-Patchwork-Id: 7587
Delivered-To: ffmpegpatchwork@gmail.com
Received: by 10.2.150.1 with SMTP id c1csp70758jai;
	Tue, 13 Feb 2018 14:49:00 -0800 (PST)
X-Google-Smtp-Source: 
 AH8x225RDEglTpDYO1mFDaMBhp25iiT+Y5NxicWI8QRuw0CcTIMEX9TpiKuMAIPhtjMO6oDlr2AK
X-Received: by 10.28.6.203 with SMTP id 194mr2395555wmg.8.1518562140006;
	Tue, 13 Feb 2018 14:49:00 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518562139; cv=none;
	d=google.com; s=arc-20160816;
	b=sMedxNfe8bem4FskqOCJ0C5FYCzCvHjqVwnA6CBWQ5OwRVvX2x2zvKK6xSJqKCukt4
	4tRsnqtOy3ocnTTuU9/XdVSlguAY3Gtu1Zn+k9/OyeSpd8z3IjO0qVBDgf4IzsjWoW1J
	zgkwBNgq5OWLh0N1AzGVDPyzQKsLEDNp8qySPf3f2zov2Uu+0JSglqk73cNMJuH20J0e
	GY6vkD5gVuDxBTv0BhdHxk8s1oELD5f4awjX94nQ6xpSz/AHVC61cHJ1tJybf0ua0hej
	RzEW/S9hWf7jFf7tzHxBuPgTBuISIT1DGMU7UZy7RFgGSbaH48dfyXHbO7PbMyvfYGNr
	BZ4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=sender:errors-to:reply-to:list-subscribe:list-help:list-post
	:list-archive:list-unsubscribe:list-id:precedence:subject:to
	:message-id:date:from:mime-version:dkim-signature:dkim-signature
	:delivered-to:arc-authentication-results;
	bh=PYd8F/NBzV/VP9fVxhHjswygcS0wolS1RrP5faSW0ro=;
	b=TFuR6fxAUDGKPNP9VaqYuKKEco3hNS54z33j8WJ/+XFcRNk2snToPz3ZHwWDZgsAFG
	HpGscHO/eV+soDeW6J0UKDzhqVBAZhH1T7FNQebkCMResNoX/y1vjpNa7SS9L5n5vw6B
	A7rGiID2SW+22o8v6sUXIStKdTMzzhP52In3D0JrdtAKlzNffHFY3WeA37+JKUvW1XqN
	eRkSvrggO4xk9HDwEK2rVTqmGaQrZGsQLpc2Zd4iuoivmzk/9z63vySmLlr0l77J/3kO
	I7/im8zuIa69JeOOzpebpHvLtQPD+FEaVI3FsvA14yypopYwjVCTrpIRCzSwE+fQbqcZ
	2k3A==
ARC-Authentication-Results: i=1; mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@google.com
	header.s=20161025 header.b=Ty73z38K;
	dkim=neutral (body hash did not verify) header.i=@chromium.org
	header.s=google header.b=VvsyexdX;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
	by mx.google.com with ESMTP id b4si427484wrf.69.2018.02.13.14.48.59;
	Tue, 13 Feb 2018 14:48:59 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@google.com
	header.s=20161025 header.b=Ty73z38K;
	dkim=neutral (body hash did not verify) header.i=@chromium.org
	header.s=google header.b=VvsyexdX;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 896E5689CC7;
	Wed, 14 Feb 2018 00:48:46 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-yw0-f176.google.com (mail-yw0-f176.google.com
	[209.85.161.176])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9BB8F68999E
	for <ffmpeg-devel@ffmpeg.org>; Wed, 14 Feb 2018 00:48:39 +0200 (EET)
Received: by mail-yw0-f176.google.com with SMTP id t129so13477335ywc.3
	for <ffmpeg-devel@ffmpeg.org>; Tue, 13 Feb 2018 14:48:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=20161025;
	h=mime-version:sender:from:date:message-id:subject:to;
	bh=vTG/Myl1yqR4D8jyOE/ZLCMYkPgXs1LCzrrYLzFbrMw=;
	b=Ty73z38KRJBS1rUdlyFRX7bIJUPgmmGsfL87DBbpdIkG/wku3T9PcoY8mZCYCEblEm
	vDw56dmuy7YQAyX7u+9cRV5Ibwx6AvvEAEKA/70CbxZeuJlLYXWg7xRr2UChpcln9VMC
	TF0oJdI1zSid23vFiiXWTA0y27DzojuwY57L+twDvroTjp1m0hekhUVrlNfJaE562EF+
	k7tubLknBeV2SyzstO1C49eCCT/gyy28bAnplhKMXVqhOnODGcHQ1Zu3v48Tdr1Fv9fU
	4mmu2/FkgJqihjBCIAjavlmK+gvrN5GK5O1qylpiZ7OPeCL38cpftOg7ksnISUMpiZmW
	VVdg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org;
	s=google;
	h=mime-version:sender:from:date:message-id:subject:to;
	bh=vTG/Myl1yqR4D8jyOE/ZLCMYkPgXs1LCzrrYLzFbrMw=;
	b=VvsyexdXMG13kuY2sq88DRdc91MGbBVYqGUjWR+ro++BtqBqw8vG0JzhDdtHi38ugN
	xIqv1bTVgBoyHDVTERKLvZxvtLP6UX8mD4BAnYy/xb+S4x6gaOQm+4PifizV/8h3nmGw
	WW7U7WitEu2KD9J942u4EgzO1Oxi2qr5cj12E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:sender:from:date:message-id:subject
	:to; bh=vTG/Myl1yqR4D8jyOE/ZLCMYkPgXs1LCzrrYLzFbrMw=;
	b=V8Gj08/8xl8pSLTuoLoBEaBoHKax3EpWcsLrCAS86CwunDW35oPOtOr1lAzNIMVQm+
	sJSm3J1ZZQKe8/bZ9oWB3Hh8zuJ5fRze/QZHbK4kzjj6ijNtyZ9M2gYdOBCxRoqOiy2u
	IkivdcTjookOX6w/DLfW3oXqVrj3lnOFDyc7ErROfWBo0YdDZmUwsLYKyZ5qIy5DeyPJ
	4tvO4IrW4eixNbHPozxdYsvw4oHT0mE+lFpOhmYia0UudsBOina83BlDkixoHlfE12aa
	lb772SrNkqdxRyH9bTpjBaZlBxK/IT5JxfRQauVE+tqzKg7nJkzr0ZMWYo+eXmgmLnOe
	ntPQ==
X-Gm-Message-State: APf1xPBDYB7Q+mznggn96NVDkK50YZPnyL0LsI4Vzn/eaF8OJM6S6Fjg
	o2pWSTL0XYdWUb4JMTSwl/amnxmtdx23Et7e+ZcmA3VT
X-Received: by 10.37.190.136 with SMTP id i8mr2010269ybk.185.1518562128949;
	Tue, 13 Feb 2018 14:48:48 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a25:3414:0:0:0:0:0 with HTTP; Tue, 13 Feb 2018 14:48:28
	-0800 (PST)
From: =?UTF-8?B?WGlhb2hhbiBXYW5nICjnjovmtojlr5Ip?= <xhwang@chromium.org>
Date: Tue, 13 Feb 2018 14:48:28 -0800
X-Google-Sender-Auth: Gu_gwFTuylvjbyy98EsQe1LFyoU
Message-ID: 
 <CAF1j9YPT6FeCy42qYPEo0_nSR238E_hLFtMQKY_E4KgBfVsstw@mail.gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.20
Subject: [FFmpeg-devel] Fix stts_data memory allocation
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>


From 241d5e45eb8750521d07d07aa55ea637359ab55d Mon Sep 17 00:00:00 2001
From: Xiaohan Wang <xhwang@chromium.org>
Date: Tue, 13 Feb 2018 14:45:14 -0800
Subject: [PATCH] ffmpeg: Fix stts_data memory allocation

In this loop, |i| is the "index". And the memory allocated should be at
least the current "count", which is |i + 1|.

BUG=801821
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 5adba52e08..1e02ffb445 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2882,7 +2882,7 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     for (i = 0; i < entries && !pb->eof_reached; i++) {
         int sample_duration;
         unsigned int sample_count;
-        unsigned min_entries = FFMIN(FFMAX(i, 1024 * 1024), entries);
+        unsigned int min_entries = FFMIN(FFMAX(i + 1, 1024 * 1024), entries);
         MOVStts *stts_data = av_fast_realloc(sc->stts_data, &alloc_size,
                                              min_entries * sizeof(*sc->stts_data));
         if (!stts_data) {
-- 
2.16.1.291.g4437f3f132-goog