mov: fix self referencing timecode tracks

Fixes read after free.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 5575b827c23d30080802af2b331efd25898fb54a..86ec95c1e533557990213f7bd5e7177205c2ccf8 100644 (file)
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3173,7 +3173,7 @@ static int mov_read_header(AVFormatContext *s)
                 if (s->streams[j]->id == sc->timecode_track)
                     tmcd_st_id = j;
 
-            if (tmcd_st_id < 0)
+            if (tmcd_st_id < 0 || tmcd_st_id == i)
                 continue;
             tcr = av_dict_get(s->streams[tmcd_st_id]->metadata, "timecode", NULL, 0);
             if (tcr)