lavf/mov: ensure only one tkhd per trak
authorchcunningham <chcunningham@chromium.org>
Thu, 13 Dec 2018 21:58:40 +0000 (13:58 -0800)
committerMichael Niedermayer <michael@niedermayer.cc>
Sun, 24 Mar 2019 09:38:51 +0000 (10:38 +0100)
commitcb901e183608b58b6ed9aea0f11c77b20967fe0e
tree0b166ad686879aed9ba806d05728cf640174bbd5
parent04fe02bd80bc8dddd1e9d5a1cc9d336fc3a5a6da
lavf/mov: ensure only one tkhd per trak

Chromium fuzzing produced a whacky file with extra tkhds. This caused
an AVStream that was already in use to be corrupted by assigning it a
new id, which blows up later in mov_read_trun because the
MOVFragmentStreamInfo.index_entry now points OOB.

Reviewed-by: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9f7b6f7a9fdffa0ab8f3aa84a1f701cf5b3a6e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/mov.c