mkvmuxer.cpp internally tries to access deleted frames

[GoogleCodeExporter]

There are some edge situations, when libwebm crashes when the frames don't 
fulfill the expected behaviour, libwebm crashes due to wrong accesses to 
deleted frames.

What steps will reproduce the problem?
1. Make an small app that add video and audio frames.
2. Add only audio frames, making the cluster have a duration longer than the 
max cluster duration.
3. Add a new video keyframe.
4. Finalize de segment.

What is the expected output? What do you see instead?
Probably a wrong stream, but instead I get a segmentation fault.

What version are you using? On what Windows version?
Any.

Please provide any additional information below.
I think the problem could be inside Segment::WriteFramesLessThan(uint64 
timestamp), it deletes pointers within a list of frames and it then shift their 
position, but in some conditions it could return before actually shifting the 
deleted pointers. 
This makes mkvmuxer access deleted pointers when adding the following frames, 
which will terminate on an application crash.

Original issue reported on code.google.com by javi...@tokbox.com on 15 Jul 2015 at 7:40

[GoogleCodeExporter]

Original comment by fgalli...@google.com on 16 Jul 2015 at 10:20

• Changed state: Available