[FFmpeg-cvslog] ogg: prevent NULL pointer deference in theora gptopts

Michael Niedermayer git at videolan.org
Tue Sep 25 16:15:36 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Mar 23 03:43:30 2012 +0100| [bb146bb57bea6647f9c080aa4f9323a3a789ad22] | committer: Luca Barbato

ogg: prevent NULL pointer deference in theora gptopts

Additional safety in case a special ogg stream is crafted
with the proper number of

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bb146bb57bea6647f9c080aa4f9323a3a789ad22
---

 libavformat/oggparsetheora.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libavformat/oggparsetheora.c b/libavformat/oggparsetheora.c
index df7a89c..632c4ef 100644
--- a/libavformat/oggparsetheora.c
+++ b/libavformat/oggparsetheora.c
@@ -131,8 +131,13 @@ theora_gptopts(AVFormatContext *ctx, int idx, uint64_t gp, int64_t *dts)
     struct ogg *ogg = ctx->priv_data;
     struct ogg_stream *os = ogg->streams + idx;
     struct theora_params *thp = os->private;
-    uint64_t iframe = gp >> thp->gpshift;
-    uint64_t pframe = gp & thp->gpmask;
+    uint64_t iframe, pframe;
+
+    if (!thp)
+        return AV_NOPTS_VALUE;
+
+    iframe = gp >> thp->gpshift;
+    pframe = gp & thp->gpmask;
 
     if (thp->version < 0x030201)
         iframe++;



More information about the ffmpeg-cvslog mailing list