From 63e401ccc9d949a951b00502fd6c9e24962258eb Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Fri, 9 Jan 2015 01:47:48 +0100
Subject: tl_matroska: check chapter bounds

I have no idea what this does, but it's without doubt a sufficient fix
for the issue at hand.

Fixes #1445.

Conflicts:
	player/timeline/tl_matroska.c
---
 player/timeline/tl_matroska.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/player/timeline/tl_matroska.c b/player/timeline/tl_matroska.c
index e2215864d9..0a49f91deb 100644
--- a/player/timeline/tl_matroska.c
+++ b/player/timeline/tl_matroska.c
@@ -381,6 +381,7 @@ static void build_timeline_loop(struct MPContext *mpctx,
                                 uint64_t *last_end_time,
                                 struct timeline_part **timeline,
                                 struct demux_chapter *chapters,
+                                int num_chapters,
                                 int *part_count,
                                 uint64_t skip,
                                 uint64_t limit)
@@ -418,6 +419,10 @@ static void build_timeline_loop(struct MPContext *mpctx,
              * recursive ordered chapter editions? If so, more code will be
              * needed to add chapters for external non-ordered segment loading
              * as well since that part is not recursive. */
+
+            if (i >= num_chapters)
+                break; // probably needed only for broken sources
+
             if (!limit) {
                 chapters[i].pts = *starttime / 1e9;
                 chapters[i].name = talloc_strdup(chapters, c->name);
@@ -477,11 +482,9 @@ static void build_timeline_loop(struct MPContext *mpctx,
             } else {
                 build_timeline_loop(mpctx, sources, num_sources, j, starttime,
                                     missing_time, last_end_time, timeline,
-                                    chapters, part_count, c->start, c->end);
-                /* The loop call has added time as needed (we can't add it here
-                 * due to 'join_diff' in the add_timeline_part function. Since
-                 * the time has already been added as needed, the chapter has
-                 * an effective 0 length at this point. */
+                                    chapters, num_chapters, part_count,
+                                    c->start, c->end);
+                // Already handled by the loop call.
                 chapter_length = 0;
             }
             *last_end_time = c->end;
@@ -571,7 +574,7 @@ void build_ordered_chapter_timeline(struct MPContext *mpctx)
     int part_count = 0;
     build_timeline_loop(mpctx, sources, num_sources, 0, &starttime,
                         &missing_time, &last_end_time, &timeline,
-                        chapters, &part_count, 0, 0);
+                        chapters, m->num_ordered_chapters, &part_count, 0, 0);
 
     // Fuck everything (2): filter out all "unset" chapters.
     for (int n = m->num_ordered_chapters - 1; n >= 0; n--) {
-- 
cgit v1.2.3