avcodec: Implement mpeg1 nvdec hwaccel

[ffmpeg] / libavformat / mov.c

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 79023ef3695263bdfbd5d5089c8078fc3b123d15..0b8f8ad24b998f879d0c1c9118e5a47456d2a984 100644 (file)
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1188,7 +1188,12 @@ static void set_frag_stream(MOVFragmentIndex *frag_index, int id)
 static MOVFragmentStreamInfo * get_current_frag_stream_info(
     MOVFragmentIndex *frag_index)
 {
-    MOVFragmentIndexItem * item = &frag_index->item[frag_index->current];
+    MOVFragmentIndexItem *item;
+    if (frag_index->current < 0 ||
+        frag_index->current >= frag_index->nb_items)
+        return NULL;
+
+    item = &frag_index->item[frag_index->current];
     if (item->current >= 0 && item->current < item->nb_stream_info)
         return &item->stream_info[item->current];
 
@@ -2595,6 +2600,8 @@ static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     avio_rb24(pb); /* flags */
 
     entries = avio_rb32(pb);
+    if ((uint64_t)entries * 12 + 4 > atom.size)
+        return AVERROR_INVALIDDATA;
 
     av_log(c->fc, AV_LOG_TRACE, "track[%u].stsc.entries = %u\n", c->fc->nb_streams - 1, entries);
 
@@ -3551,6 +3558,7 @@ static void mov_fix_index(MOVContext *mov, AVStream *st)
     // Free the old index and the old CTTS structures
     av_free(e_old);
     av_free(ctts_data_old);
+    av_freep(&frame_duration_buffer);
 
     // Null terminate the index ranges array
     current_index_range++;