From fd165a0b3166bd4605f4f65197b0d43c9382f3e7 Mon Sep 17 00:00:00 2001
From: Dale Curtis <dalecurtis@chromium.org>
Date: Thu, 12 Apr 2012 18:02:33 -0700
Subject: [PATCH] mov: Fix harmless OOB read.

Convert key_off initialize to use the same sc->keyframe_count as
used elsewhere in the function.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index b4ff1df2eb..ce61250eac 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1842,7 +1842,7 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
         unsigned int stts_sample = 0;
         unsigned int sample_size;
         unsigned int distance = 0;
-        int key_off = sc->keyframes && sc->keyframes[0] == 1;
+        int key_off = sc->keyframe_count && sc->keyframes[0] == 1;
 
         current_dts -= sc->dts_shift;