From 22a2386a561ccbaabbbfd5cf7f89b2cbbade71b0 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt
Date: Wed, 30 Sep 2020 14:36:23 +0200
Subject: [PATCH] avformat/movenc: Fix stack overflow when remuxing timecode tracks
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

There are two possible kinds of timecode tracks (with tag "tmcd") in the
mov muxer: Tracks created internally by the muxer and timecode tracks
sent by the user. If any of the latter exists, the former are
deactivated. The former all belong to another track, the source
track; the latter don't have a source track set, but the index of the
source track is initially zeroed by av_mallocz_array(). This is a
problem since 3d894db700cc1e360a7a75ab9ac8bf67ac6670a3: Said commit added
a function that calculates the duration of tracks and the duration of
timecode tracks is calculated by rescaling the duration (calculated by
the very same function) of the source track. This gives an infinite
recursion if the first track (the one that will be treated as source
track for all timecode tracks) is a timecode track itself, leading to a
stack overflow.

This commit fixes this by not using the nonexistent source track
when calculating the duration of timecode tracks not created internally
by the mov muxer.

Reviewed-by: Martin Storsjö
Signed-off-by: Andreas Rheinhardt
---
 libavformat/movenc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/movenc.c b/libavformat/movenc.c
index 2006fcee4b6..265465f97b8 100644
--- a/libavformat/movenc.c
+++ b/libavformat/movenc.c
@@ -2901,7 +2901,7 @@ static int mov_write_minf_tag(AVFormatContext *s, AVIOContext *pb, MOVMuxContext static int64_t calc_pts_duration(MOVMuxContext *mov, MOVTrack *track) { - if (track->tag == MKTAG('t','m','c','d')) { + if (track->tag == MKTAG('t','m','c','d') && mov->nb_meta_tmcd) { // tmcd tracks gets track_duration set in mov_write_moov_tag from // another track's duration, while the end_pts may be left at zero. // Calculate the pts duration for that track instead. -- 2.39.2
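Review bot: the new `&& mov->nb_meta_tmcd` test in calc_pts_duration() decides on a muxer-wide counter rather than on a property of `track`, and the comment under it still reads as if every tmcd track takes its duration from another track. The guard is only correct because of the invariant given in the commit message (timecode tracks sent by the user deactivate the internally created ones, so a nonzero count should mean this track has a real source track); that invariant belongs in the comment, for example "internally created tmcd tracks get track_duration set in mov_write_moov_tag from their source track; tmcd tracks sent by the user have no source track and use the generic calculation below". A regression test that remuxes a file whose first track is a timecode track would also help, since that is the case the message says recursed until the stack overflowed.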