From d95568f9a2d3c2d96265086db0a995b60f45b528 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Tue, 1 Nov 2016 01:05:01 +0100
Subject: [PATCH] mov: immediately return from mov_fix_index without old index
 entries

If there are no index entries, e_old = st->index_entries is only one
byte large, since it was created by av_realloc called with size 0.

Thus accessing e_old[0].timestamp causes a heap buffer overflow.

Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 9d83b209d8861f1daf55f6719b1e0c226ed7269a)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 357d800732..1e2141808d 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2961,7 +2961,7 @@ static void mov_fix_index(MOVContext *mov, AVStream *st)
     int first_non_zero_audio_edit = -1;
     int packet_skip_samples = 0;
 
-    if (!msc->elst_data || msc->elst_count <= 0) {
+    if (!msc->elst_data || msc->elst_count <= 0 || nb_old <= 0) {
         return;
     }
     // Clean AVStream from traces of old index