From: John Stebbins Date: Wed, 15 Feb 2017 17:29:39 +0000 (-0700) Subject: libav: fix crash when scanning wmv file X-Git-Tag: 1.0.3~17 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c1300290f39e0c04d2f640e475221f79f96f5c66;p=handbrake libav: fix crash when scanning wmv file Fixes crash reported here https://forum.handbrake.fr/viewtopic.php?f=11&t=35690 Does not fix scan problem, but follow-up commit will. Also possibly related https://github.com/HandBrake/HandBrake/issues/466 https://github.com/HandBrake/HandBrake/issues/495 (cherry picked from commit 05f743e784fe69e2950d32e8ac177c34a2f3e5c8) --- diff --git a/contrib/ffmpeg/A07-wmv-crash.patch b/contrib/ffmpeg/A07-wmv-crash.patch new file mode 100644 index 000000000..ca124a14c --- /dev/null +++ b/contrib/ffmpeg/A07-wmv-crash.patch @@ -0,0 +1,31 @@ +From 8e67039c6312ba520945f2c01b7b14df056d5ed1 Mon Sep 17 00:00:00 2001 +From: John Stebbins +Date: Thu, 12 Jan 2017 13:36:26 -0700 +Subject: [PATCH] asfdec: Use the ASF stream count when iterating + +The AVFormat stream count can be larger due external factors, such as +an id3 tag appended. + +Avoid an out of bound read. + +Signed-off-by: Luca Barbato +--- + libavformat/asfdec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c +index 1c50ad6..d602af8 100644 +--- a/libavformat/asfdec.c ++++ b/libavformat/asfdec.c +@@ -1485,7 +1485,7 @@ static int asf_read_packet(AVFormatContext *s, AVPacket *pkt) + asf->return_subpayload = 0; + return 0; + } +- for (i = 0; i < s->nb_streams; i++) { ++ for (i = 0; i < asf->nb_streams; i++) { + ASFPacket *asf_pkt = &asf->asf_st[i]->pkt; + if (asf_pkt && !asf_pkt->size_left && asf_pkt->data_size) { + if (asf->asf_st[i]->span > 1 && +-- +2.9.3 +
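Review bot: In the asf_read_packet hunk of libavformat/asfdec.c, the `asf_pkt &&` test on the line after the changed `for` does not protect the array access the fix is about. asf_pkt is computed as &asf->asf_st[i]->pkt, so it says nothing reliable about whether asf->asf_st[i] itself is a valid pointer. Now that the loop is bounded by asf->nb_streams, consider testing asf->asf_st[i] before taking the address of its pkt member, or confirming that every slot below asf->nb_streams is always populated. A short comment at the loop explaining why asf->nb_streams is used instead of s->nb_streams (the AVFormat count can be larger, for example when an id3 tag is appended, as the patch message says) would keep a later cleanup from switching it back and reintroducing the out-of-bounds read.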