From 1ffef8bf6076c42bcbaaf0ec4f11ca4cf0c797da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Thu, 19 Jan 2017 13:46:58 +0200
Subject: [PATCH] qtdemux: Increment current stts index whenever we finished
 one stts entry

Otherwise we could read more chunks than there are available, doing an
out of bounds read and potentially crash.

https://bugzilla.gnome.org/show_bug.cgi?id=777469
---
 gst/isomp4/qtdemux.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
index 973af8fd51..5856450dbb 100644
--- a/gst/isomp4/qtdemux.c
+++ b/gst/isomp4/qtdemux.c
@@ -8545,6 +8545,8 @@ done2:
           /* save values */
           stream->stts_time = stts_time;
           stream->stts_sample_index = j + 1;
+          if (stream->stts_sample_index >= stream->stts_samples)
+            stream->stts_index++;
           goto done3;
         }
       }