From 2ccaab9709aadc51625a28597d6a9012607958b4 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Wed, 20 Feb 2013 15:45:50 +0100
Subject: mov: fix self referencing timecode tracks

Fixes read after free.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libavformat')

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 5575b82..86ec95c 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3173,7 +3173,7 @@ static int mov_read_header(AVFormatContext *s)
                 if (s->streams[j]->id == sc->timecode_track)
                     tmcd_st_id = j;
 
-            if (tmcd_st_id < 0)
+            if (tmcd_st_id < 0 || tmcd_st_id == i)
                 continue;
             tcr = av_dict_get(s->streams[tmcd_st_id]->metadata, "timecode", NULL, 0);
             if (tcr)
-- 
cgit v1.1