av_freep(&m->s[i]);
}
av_freep(&m->s);
+ m->count_s = 0;
+ m->style_entries = 0;
}
}
static int decode_styl(const uint8_t *tsmb, MovTextContext *m, AVPacket *avpkt)
{
int i;
- m->style_entries = AV_RB16(tsmb);
+ int style_entries = AV_RB16(tsmb);
tsmb += 2;
// A single style record is of length 12 bytes.
- if (m->tracksize + m->size_var + 2 + m->style_entries * 12 > avpkt->size)
+ if (m->tracksize + m->size_var + 2 + style_entries * 12 > avpkt->size)
return -1;
+ m->style_entries = style_entries;
+
m->box_flags |= STYL_BOX;
for(i = 0; i < m->style_entries; i++) {
m->s_temp = av_malloc(sizeof(*m->s_temp));
tsmb_type = AV_RB32(tsmb);
tsmb += 4;
- if (tsmb_size == 0) {
- return AVERROR_INVALIDDATA;
- }
-
if (tsmb_size == 1) {
if (m->tracksize + 16 > avpkt->size)
break;
m->size_var = 8;
//size_var is equal to 8 or 16 depending on the size of box
- if (m->tracksize + tsmb_size > avpkt->size)
+ if (tsmb_size == 0) {
+ av_log(avctx, AV_LOG_ERROR, "tsmb_size is 0\n");
+ return AVERROR_INVALIDDATA;
+ }
+
+ if (tsmb_size > avpkt->size - m->tracksize)
break;
for (size_t i = 0; i < box_count; i++) {
projects / ffmpeg / blobdiff