return ret;
} else if (!key && c->found_hdlr_mdta && c->meta_keys) {
uint32_t index = AV_RB32(&atom.type);
- if (index < c->meta_keys_count) {
+ if (index < c->meta_keys_count && index > 0) {
key = c->meta_keys[index];
} else {
av_log(c->fc, AV_LOG_WARNING,
- "The index of 'data' is out of range: %d >= %d.\n",
+ "The index of 'data' is out of range: %d < 1 or >= %d.\n",
index, c->meta_keys_count);
}
}
AVIndexEntry *e_keep = st->index_entries;
int nb_keep = st->nb_index_entries;
int64_t found = -1;
+ int64_t i = 0;
st->index_entries = e_old;
st->nb_index_entries = nb_old;
found = av_index_search_timestamp(st, timestamp, flag | AVSEEK_FLAG_BACKWARD);
+ // Keep going backwards in the index entries until the timestamp is the same.
+ if (found >= 0) {
+ for (i = found; i > 0 && e_old[i].timestamp == e_old[i - 1].timestamp;
+ i--) {
+ if ((flag & AVSEEK_FLAG_ANY) ||
+ (e_old[i - 1].flags & AVINDEX_KEYFRAME)) {
+ found = i - 1;
+ }
+ }
+ }
+
/* restore AVStream state*/
st->index_entries = e_keep;
st->nb_index_entries = nb_keep;
0x88, 0x14, 0x58, 0x7a, 0x02, 0x52, 0x1f, 0xdd,
};
- if (atom.size < sizeof(uuid) || atom.size == INT64_MAX)
+ if (atom.size < sizeof(uuid) || atom.size >= FFMIN(INT_MAX, SIZE_MAX))
return AVERROR_INVALIDDATA;
if (c->fc->nb_streams < 1)
avio_rb32(pb); /* entries */
- if (atom.size < 8) {
- av_log(c->fc, AV_LOG_ERROR, "senc atom size %"PRId64" too small\n", atom.size);
+ if (atom.size < 8 || atom.size > FFMIN(INT_MAX, SIZE_MAX)) {
+ av_log(c->fc, AV_LOG_ERROR, "senc atom size %"PRId64" invalid\n", atom.size);
return AVERROR_INVALIDDATA;
}
return 0;
}
+ if (atom.size > FFMIN(INT_MAX, SIZE_MAX)) {
+ av_log(c->fc, AV_LOG_ERROR, "saiz atom auxiliary_info_sizes size %"PRId64" invalid\n", atom.size);
+ return AVERROR_INVALIDDATA;
+ }
+
/* save the auxiliary info sizes as is */
data_size = atom.size - atom_header_size;