James Almer: > if sc->tts_count is 0, this condition will wrap around to UINT_MAX and the > code will try to dereference a NULL pointer. > > Fixes ticket #11417 > > Signed-off-by: James Almer <[email protected]> > --- > libavformat/mov.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/mov.c b/libavformat/mov.c > index 405d61fdf5..50ecf6e2b2 100644 > --- a/libavformat/mov.c > +++ b/libavformat/mov.c > @@ -5191,7 +5191,7 @@ static int mov_read_trak(MOVContext *c, AVIOContext > *pb, MOVAtom atom) > } > > #if FF_API_R_FRAME_RATE > - for (int i = 1; sc->stts_count && i < sc->tts_count - 1; i++) { > + for (int i = 1; sc->stts_count && i < (int64_t)sc->tts_count - 1; > i++) { > if (sc->tts_data[i].duration == sc->tts_data[0].duration) > continue; > stts_constant = 0;
Wouldn't i + 1 < sc->tts_count be a more readable alternative (that would also avoid a cast and 64bit arithmetic)? - Andreas _______________________________________________ ffmpeg-devel mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
