[FFmpeg-cvslog] dv: Fix null pointer dereference due to ach=0

Michael Niedermayer git at videolan.org
Mon Apr 2 01:45:25 CEST 2012


ffmpeg | branch: release/0.8 | Michael Niedermayer <michaelni at gmx.at> | Tue Jan 24 17:51:40 2012 +0100| [44e182d41e3a73548f3f5e8445ec428d3846e6d6] | committer: Reinhard Tartler

dv: Fix null pointer dereference due to ach=0

dv: Fix null pointer dereference due to ach=0

Fixes part2 of CVE-2011-3929

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman at shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Alex Converse <alex.converse at gmail.com>
(cherry picked from commit 5a396bb3a66a61a68b80f2369d0249729bf85e04)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=44e182d41e3a73548f3f5e8445ec428d3846e6d6
---

 libavformat/dv.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/libavformat/dv.c b/libavformat/dv.c
index fe6dac6..cd1efdd 100644
--- a/libavformat/dv.c
+++ b/libavformat/dv.c
@@ -341,7 +341,8 @@ int dv_produce_packet(DVDemuxContext *c, AVPacket *pkt,
        c->audio_pkt[i].pts  = c->abytes * 30000*8 / c->ast[i]->codec->bit_rate;
        ppcm[i] = c->audio_buf[i];
     }
-    dv_extract_audio(buf, ppcm, c->sys);
+    if (c->ach)
+        dv_extract_audio(buf, ppcm, c->sys);
 
     /* We work with 720p frames split in half, thus even frames have
      * channels 0,1 and odd 2,3. */



More information about the ffmpeg-cvslog mailing list