Revision 0d8f0abf

View differences:

libavformat/mov.c
246 246
    entries = get_be32(pb);
247 247
    if (entries >= UINT_MAX / sizeof(*sc->drefs))
248 248
        return -1;
249
    sc->drefs_count = entries;
250 249
    sc->drefs = av_mallocz(entries * sizeof(*sc->drefs));
250
    if (!sc->drefs)
251
        return AVERROR(ENOMEM);
252
    sc->drefs_count = entries;
251 253

  
252 254
    for (i = 0; i < sc->drefs_count; i++) {
253 255
        MOVDref *dref = &sc->drefs[i];
......
686 688
    if(entries >= UINT_MAX/sizeof(int64_t))
687 689
        return -1;
688 690

  
689
    sc->chunk_count = entries;
690 691
    sc->chunk_offsets = av_malloc(entries * sizeof(int64_t));
691 692
    if (!sc->chunk_offsets)
692
        return -1;
693
        return AVERROR(ENOMEM);
694
    sc->chunk_count = entries;
695

  
693 696
    if      (atom.type == MKTAG('s','t','c','o'))
694 697
        for(i=0; i<entries; i++)
695 698
            sc->chunk_offsets[i] = get_be32(pb);
......
1070 1073

  
1071 1074
    entries = get_be32(pb);
1072 1075

  
1073
    if(entries >= UINT_MAX / sizeof(*sc->stsc_data))
1074
        return -1;
1075

  
1076 1076
    dprintf(c->fc, "track[%i].stsc.entries = %i\n", c->fc->nb_streams-1, entries);
1077 1077

  
1078
    sc->stsc_count = entries;
1078
    if(entries >= UINT_MAX / sizeof(*sc->stsc_data))
1079
        return -1;
1079 1080
    sc->stsc_data = av_malloc(entries * sizeof(*sc->stsc_data));
1080 1081
    if (!sc->stsc_data)
1081
        return -1;
1082
        return AVERROR(ENOMEM);
1083
    sc->stsc_count = entries;
1084

  
1082 1085
    for(i=0; i<entries; i++) {
1083 1086
        sc->stsc_data[i].first = get_be32(pb);
1084 1087
        sc->stsc_data[i].count = get_be32(pb);
......
1098 1101

  
1099 1102
    entries = get_be32(pb);
1100 1103

  
1104
    dprintf(c->fc, "keyframe_count = %d\n", entries);
1105

  
1101 1106
    if(entries >= UINT_MAX / sizeof(int))
1102 1107
        return -1;
1103

  
1104
    sc->keyframe_count = entries;
1105

  
1106
    dprintf(c->fc, "keyframe_count = %d\n", sc->keyframe_count);
1107

  
1108 1108
    sc->keyframes = av_malloc(entries * sizeof(int));
1109 1109
    if (!sc->keyframes)
1110
        return -1;
1110
        return AVERROR(ENOMEM);
1111
    sc->keyframe_count = entries;
1112

  
1111 1113
    for(i=0; i<entries; i++) {
1112 1114
        sc->keyframes[i] = get_be32(pb);
1113 1115
        //dprintf(c->fc, "keyframes[]=%d\n", sc->keyframes[i]);
......
1128 1130
    if (!sc->sample_size) /* do not overwrite value computed in stsd */
1129 1131
        sc->sample_size = sample_size;
1130 1132
    entries = get_be32(pb);
1131
    if(entries >= UINT_MAX / sizeof(int))
1132
        return -1;
1133

  
1134
    dprintf(c->fc, "sample_size = %d sample_count = %d\n", sc->sample_size, entries);
1133 1135

  
1134 1136
    sc->sample_count = entries;
1135 1137
    if (sample_size)
1136 1138
        return 0;
1137 1139

  
1138
    dprintf(c->fc, "sample_size = %d sample_count = %d\n", sc->sample_size, sc->sample_count);
1139

  
1140
    if(entries >= UINT_MAX / sizeof(int))
1141
        return -1;
1140 1142
    sc->sample_sizes = av_malloc(entries * sizeof(int));
1141 1143
    if (!sc->sample_sizes)
1142
        return -1;
1144
        return AVERROR(ENOMEM);
1145

  
1143 1146
    for(i=0; i<entries; i++)
1144 1147
        sc->sample_sizes[i] = get_be32(pb);
1145 1148
    return 0;
......
1156 1159
    get_byte(pb); /* version */
1157 1160
    get_be24(pb); /* flags */
1158 1161
    entries = get_be32(pb);
1162

  
1163
    dprintf(c->fc, "track[%i].stts.entries = %i\n", c->fc->nb_streams-1, entries);
1164

  
1159 1165
    if(entries >= UINT_MAX / sizeof(*sc->stts_data))
1160 1166
        return -1;
1161

  
1162
    sc->stts_count = entries;
1163 1167
    sc->stts_data = av_malloc(entries * sizeof(*sc->stts_data));
1164 1168
    if (!sc->stts_data)
1165
        return -1;
1166
    dprintf(c->fc, "track[%i].stts.entries = %i\n", c->fc->nb_streams-1, entries);
1169
        return AVERROR(ENOMEM);
1170
    sc->stts_count = entries;
1167 1171

  
1168 1172
    for(i=0; i<entries; i++) {
1169 1173
        int sample_duration;
......
1197 1201
    get_byte(pb); /* version */
1198 1202
    get_be24(pb); /* flags */
1199 1203
    entries = get_be32(pb);
1204

  
1205
    dprintf(c->fc, "track[%i].ctts.entries = %i\n", c->fc->nb_streams-1, entries);
1206

  
1200 1207
    if(entries >= UINT_MAX / sizeof(*sc->ctts_data))
1201 1208
        return -1;
1202

  
1203
    sc->ctts_count = entries;
1204 1209
    sc->ctts_data = av_malloc(entries * sizeof(*sc->ctts_data));
1205 1210
    if (!sc->ctts_data)
1206
        return -1;
1207
    dprintf(c->fc, "track[%i].ctts.entries = %i\n", c->fc->nb_streams-1, entries);
1211
        return AVERROR(ENOMEM);
1212
    sc->ctts_count = entries;
1208 1213

  
1209 1214
    for(i=0; i<entries; i++) {
1210 1215
        int count    =get_be32(pb);
......
1605 1610

  
1606 1611
    if ((uint64_t)c->trex_count+1 >= UINT_MAX / sizeof(*c->trex_data))
1607 1612
        return -1;
1608
    c->trex_data = av_realloc(c->trex_data, (c->trex_count+1)*sizeof(*c->trex_data));
1609
    if (!c->trex_data)
1613
    trex = av_realloc(c->trex_data, (c->trex_count+1)*sizeof(*c->trex_data));
1614
    if (!trex)
1610 1615
        return AVERROR(ENOMEM);
1616
    c->trex_data = trex;
1611 1617
    trex = &c->trex_data[c->trex_count++];
1612 1618
    get_byte(pb); /* version */
1613 1619
    get_be24(pb); /* flags */
......
1643 1649
    if (flags & 0x001) data_offset        = get_be32(pb);
1644 1650
    if (flags & 0x004) first_sample_flags = get_be32(pb);
1645 1651
    if (flags & 0x800) {
1652
        MOVStts *ctts_data;
1646 1653
        if ((uint64_t)entries+sc->ctts_count >= UINT_MAX/sizeof(*sc->ctts_data))
1647 1654
            return -1;
1648
        sc->ctts_data = av_realloc(sc->ctts_data,
1649
                                   (entries+sc->ctts_count)*sizeof(*sc->ctts_data));
1650
        if (!sc->ctts_data)
1655
        ctts_data = av_realloc(sc->ctts_data,
1656
                               (entries+sc->ctts_count)*sizeof(*sc->ctts_data));
1657
        if (!ctts_data)
1651 1658
            return AVERROR(ENOMEM);
1659
        sc->ctts_data = ctts_data;
1652 1660
    }
1653 1661
    dts = st->duration;
1654 1662
    offset = frag->base_data_offset + data_offset;
......
1735 1743

  
1736 1744
    cmov_data = av_malloc(cmov_len);
1737 1745
    if (!cmov_data)
1738
        return -1;
1746
        return AVERROR(ENOMEM);
1739 1747
    moov_data = av_malloc(moov_len);
1740 1748
    if (!moov_data) {
1741 1749
        av_free(cmov_data);
1742
        return -1;
1750
        return AVERROR(ENOMEM);
1743 1751
    }
1744 1752
    get_buffer(pb, cmov_data, cmov_len);
1745 1753
    if(uncompress (moov_data, (uLongf *) &moov_len, (const Bytef *)cmov_data, cmov_len) != Z_OK)

Also available in: Unified diff