From 61e73851a33f0b4cb7662f8578a4695e77bd3c19 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 23 Dec 2023 18:04:32 +0100
Subject: [PATCH] avfilter/f_reverse: Apply PTS compensation only when pts is
 available
References: https://bugzilla.opensuse.org/1223274
References: CVE-2023-51796

Fixes: out of array access
Fixes: tickets/10753/poc16ffmpeg

Regression since: 45dc668aea0edac34969b5a1ff76cf9ad3a09be1
Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavfilter/f_reverse.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Index: ffmpeg-5.1.4/libavfilter/f_reverse.c
===================================================================
--- ffmpeg-5.1.4.orig/libavfilter/f_reverse.c
+++ ffmpeg-5.1.4/libavfilter/f_reverse.c
@@ -253,7 +253,8 @@ static int areverse_request_frame(AVFilt
     if (ret == AVERROR_EOF && s->nb_frames > 0) {
         AVFrame *out = s->frames[s->nb_frames - 1];
         out->pts     = s->pts[s->flush_idx++] - s->nb_samples;
-        s->nb_samples += s->pts[s->flush_idx] - s->pts[s->flush_idx - 1] - out->nb_samples;
+        if (s->nb_frames > 1)
+            s->nb_samples += s->pts[s->flush_idx] - s->pts[s->flush_idx - 1] - out->nb_samples;
 
         if (av_sample_fmt_is_planar(out->format))
             reverse_samples_planar(out);