libavformat/mov: Fix NULL-dereference read for some encrypted content.

When reading frames, we need to use the fragment for the correct
stream.  Sometimes the "current" fragment is not the same as the one
the frame is for.

Found by Chromium's ClusterFuzz:
https://crbug.com/906392 and https://crbug.com/915524

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

1 files changed, 3 insertions, 3 deletions

diff --git a/libavformat/mov.c b/libavformat/mov.c
index ec839ed5e3..825738127b 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -6557,14 +6557,14 @@ static int cenc_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *s
     return 0;
 }
 
-static int cenc_filter(MOVContext *mov, MOVStreamContext *sc, AVPacket *pkt, int current_index)
+static int cenc_filter(MOVContext *mov, AVStream* st, MOVStreamContext *sc, AVPacket *pkt, int current_index)
 {
     MOVFragmentStreamInfo *frag_stream_info;
     MOVEncryptionIndex *encryption_index;
     AVEncryptionInfo *encrypted_sample;
     int encrypted_index, ret;
 
-    frag_stream_info = get_current_frag_stream_info(&mov->frag_index);
+    frag_stream_info = get_frag_stream_info(&mov->frag_index, mov->frag_index.current, st->id);
     encrypted_index = current_index;
     encryption_index = NULL;
     if (frag_stream_info) {
@@ -7794,7 +7794,7 @@ static int mov_read_packet(AVFormatContext *s, AVPacket *pkt)
     if (mov->aax_mode)
         aax_filter(pkt->data, pkt->size, mov);
 
-    ret = cenc_filter(mov, sc, pkt, current_index);
+    ret = cenc_filter(mov, st, sc, pkt, current_index);
     if (ret < 0)
         return ret;