From 4e3e8980b58fc22eb41c0e3cd3392bb4e6ca0184 Mon Sep 17 00:00:00 2001 From: Brendan McGrath Date: Mon, 29 Jan 2018 10:46:50 +0800 Subject: [PATCH] dashdec: Fix segfault on decoding segment timeline If first_seq_no is not within the bounds of timelines then a segfault will occur. This patch removes the use of first_seq_no within the timelines array It also adds first_seq_no to the value returned by calc_next_seg_no_from_timelines (which allows for different values of 'startNumber') Signed-off-by: Brendan McGrath --- libavformat/dashdec.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c index f4cbb065e9..f9dc033097 100644 --- a/libavformat/dashdec.c +++ b/libavformat/dashdec.c @@ -1257,15 +1257,12 @@ static int64_t calc_cur_seg_no(AVFormatContext *s, struct representation *pls) if (pls->n_fragments) { num = pls->first_seq_no; } else if (pls->n_timelines) { - start_time_offset = get_segment_start_time_based_on_timeline(pls, 0xFFFFFFFF) - pls->timelines[pls->first_seq_no]->starttime; // total duration of playlist - if (start_time_offset < 60 * pls->fragment_timescale) - start_time_offset = 0; - else - start_time_offset = start_time_offset - 60 * pls->fragment_timescale; - - num = calc_next_seg_no_from_timelines(pls, pls->timelines[pls->first_seq_no]->starttime + start_time_offset); + start_time_offset = get_segment_start_time_based_on_timeline(pls, 0xFFFFFFFF) - 60 * pls->fragment_timescale; // 60 seconds before end + num = calc_next_seg_no_from_timelines(pls, start_time_offset); if (num == -1) num = pls->first_seq_no; + else + num += pls->first_seq_no; } else if (pls->fragment_duration){ if (pls->presentation_timeoffset) { num = pls->presentation_timeoffset * pls->fragment_timescale / pls->fragment_duration;