dashdec: Fix segfault on decoding segment timeline

If first_seq_no is not within the bounds of timelines then a segfault
will occur.
This patch removes the use of first_seq_no within the timelines array
It also adds first_seq_no to the value returned by calc_next_seg_no_from_timelines
(which allows for different values of 'startNumber')

Signed-off-by: Brendan McGrath <redmcg@redmandi.dyndns.org>

diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c
index f4cbb065e919f1f90c827d5cdec86e60fb98f2d7..f9dc03309798b6bc736df2a1eecba5da07906b60 100644 (file)
--- a/libavformat/dashdec.c
+++ b/libavformat/dashdec.c
@@ -1257,15 +1257,12 @@ static int64_t calc_cur_seg_no(AVFormatContext *s, struct representation *pls)
         if (pls->n_fragments) {
             num = pls->first_seq_no;
         } else if (pls->n_timelines) {
-            start_time_offset = get_segment_start_time_based_on_timeline(pls, 0xFFFFFFFF) - pls->timelines[pls->first_seq_no]->starttime; // total duration of playlist
-            if (start_time_offset < 60 * pls->fragment_timescale)
-                start_time_offset = 0;
-            else
-                start_time_offset = start_time_offset - 60 * pls->fragment_timescale;
-
-            num = calc_next_seg_no_from_timelines(pls, pls->timelines[pls->first_seq_no]->starttime + start_time_offset);
+            start_time_offset = get_segment_start_time_based_on_timeline(pls, 0xFFFFFFFF) - 60 * pls->fragment_timescale; // 60 seconds before end
+            num = calc_next_seg_no_from_timelines(pls, start_time_offset);
             if (num == -1)
                 num = pls->first_seq_no;
+            else
+                num += pls->first_seq_no;
         } else if (pls->fragment_duration){
             if (pls->presentation_timeoffset) {
                 num = pls->presentation_timeoffset * pls->fragment_timescale / pls->fragment_duration;