From eb60b9d3aaaa42265fb1960be6fff6383cfdbf37 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 3 Feb 2018 21:36:22 +0100
Subject: avformat/mov: Move +1 in check to avoid hypothetical overflow in
 add_ctts_entry()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libavformat/mov.c')

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 33126781a0..cb6f3a45de 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3256,7 +3256,7 @@ static int64_t add_ctts_entry(MOVStts** ctts_data, unsigned int* ctts_count, uns
         FFMAX(min_size_needed, 2 * (*allocated_size)) :
         min_size_needed;
 
-    if((unsigned)(*ctts_count) + 1 >= UINT_MAX / sizeof(MOVStts))
+    if((unsigned)(*ctts_count) >= UINT_MAX / sizeof(MOVStts) - 1)
         return -1;
 
     ctts_buf_new = av_fast_realloc(*ctts_data, allocated_size, requested_size);
-- 
cgit v1.2.3