From 292082df6f047d1dae6fbaa7552b163cf3b778de Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Sun, 20 Nov 2022 16:01:12 +0000
Subject: [PATCH] Add break to loop to fix issue 2423, plus some other
 cleanups.

---
 include/exiv2/quicktimevideo.hpp |  8 ++++----
 src/quicktimevideo.cpp           | 26 ++++++++++++++------------
 2 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/include/exiv2/quicktimevideo.hpp b/include/exiv2/quicktimevideo.hpp
index d4f342d6..a665178a 100644
--- a/include/exiv2/quicktimevideo.hpp
+++ b/include/exiv2/quicktimevideo.hpp
@@ -209,13 +209,13 @@ class QuickTimeVideo : public Image {
 
  private:
   //! Variable which stores Time Scale unit, used to calculate time.
-  uint64_t timeScale_;
+  uint64_t timeScale_ = 0;
   //! Variable which stores current stream being processsed.
-  int currentStream_;
+  int currentStream_ = 0;
   //! Variable to check the end of metadata traversing.
-  bool continueTraversing_;
+  bool continueTraversing_ = 0;
   //! Variable to store height and width of a video frame.
-  uint64_t height_, width_;
+  uint64_t height_ = 0, width_ = 0;
 
 };  // QuickTimeVideo End
 
diff --git a/src/quicktimevideo.cpp b/src/quicktimevideo.cpp
index b44b3683..882f19ab 100644
--- a/src/quicktimevideo.cpp
+++ b/src/quicktimevideo.cpp
@@ -26,6 +26,7 @@
 #include "error.hpp"
 #include "futils.hpp"
 #include "quicktimevideo.hpp"
+#include "safe_op.hpp"
 #include "tags.hpp"
 #include "tags_int.hpp"
 // + standard includes
@@ -496,7 +497,8 @@ namespace Exiv2 {
 
 using namespace Exiv2::Internal;
 
-QuickTimeVideo::QuickTimeVideo(BasicIo::UniquePtr io) : Image(ImageType::qtime, mdNone, std::move(io)), timeScale_(1) {
+QuickTimeVideo::QuickTimeVideo(BasicIo::UniquePtr io) :
+    Image(ImageType::qtime, mdNone, std::move(io)), timeScale_(1), currentStream_(Null) {
 }  // QuickTimeVideo::QuickTimeVideo
 
 std::string QuickTimeVideo::mimeType() const {
@@ -860,8 +862,8 @@ void QuickTimeVideo::userDataDecoder(size_t size_external) {
 void QuickTimeVideo::NikonTagsDecoder(size_t size_external) {
   size_t cur_pos = io_->tell();
   DataBuf buf(200), buf2(4 + 1);
-  unsigned long TagID = 0;
-  unsigned short dataLength = 0, dataType = 2;
+  uint32_t TagID = 0;
+  uint16_t dataLength = 0, dataType = 2;
   const TagDetails *td, *td2;
 
   for (int i = 0; i < 100; i++) {
@@ -1094,13 +1096,12 @@ void QuickTimeVideo::timeToSampleDecoder() {
   DataBuf buf(4 + 1);
   io_->readOrThrow(buf.data(), 4);
   io_->readOrThrow(buf.data(), 4);
-  size_t noOfEntries, totalframes = 0, timeOfFrames = 0;
-  noOfEntries = buf.read_uint32(0, bigEndian);
-  size_t temp;
+  uint64_t totalframes = 0, timeOfFrames = 0;
+  const uint32_t noOfEntries = buf.read_uint32(0, bigEndian);
 
-  for (unsigned long i = 1; i <= noOfEntries; i++) {
+  for (uint32_t i = 0; i < noOfEntries; i++) {
     io_->readOrThrow(buf.data(), 4);
-    temp = buf.read_uint32(0, bigEndian);
+    const uint64_t temp = buf.read_uint32(0, bigEndian);
     totalframes += temp;
     io_->readOrThrow(buf.data(), 4);
     timeOfFrames += temp * buf.read_uint32(0, bigEndian);
@@ -1114,16 +1115,17 @@ void QuickTimeVideo::sampleDesc(size_t size) {
   size_t cur_pos = io_->tell();
   io_->readOrThrow(buf.data(), 4);
   io_->readOrThrow(buf.data(), 4);
-  size_t noOfEntries;
-  noOfEntries = buf.read_uint32(0, bigEndian);
+  const uint32_t noOfEntries = buf.read_uint32(0, bigEndian);
 
-  for (unsigned long i = 1; i <= noOfEntries; i++) {
+  for (uint32_t i = 0; i < noOfEntries; i++) {
     if (currentStream_ == Video)
       imageDescDecoder();
     else if (currentStream_ == Audio)
       audioDescDecoder();
+    else
+      break;
   }
-  io_->seek(cur_pos + size, BasicIo::beg);
+  io_->seek(Safe::add(cur_pos, size), BasicIo::beg);
 }  // QuickTimeVideo::sampleDesc
 
 void QuickTimeVideo::audioDescDecoder() {