[FFmpeg-devel] [PATCH] rmdec: make sure we actually have a buffer before writing into it

Reimar Döffinger Reimar.Doeffinger
Sun Sep 13 10:02:06 CEST 2009


On Sun, Sep 13, 2009 at 10:33:34AM +0300, Kostya wrote:
> On Sat, Sep 12, 2009 at 10:27:45PM +0200, Reimar Döffinger wrote:
> > rm_assemble_video_frame may write into vst->pkt.data even though that
> > one is NULL because we just returned a packet and have not yet allocated
> > a new one.
> > There are loads of ways to fix that, and possibly even some better/more
> > error resilient ones, but since I don't know the rm format that well I
> > propose this rather simple one, which sets vst->slices to 0 in addition
> > to vst->pkt.size/data and thus takes advantage of an existing check.
> > Index: libavformat/rmdec.c
> > ===================================================================
> > --- libavformat/rmdec.c (revision 19824)
> > +++ libavformat/rmdec.c (working copy)
> > @@ -637,6 +637,7 @@
> >          pkt->size = vst->videobufpos + 8*(vst->cur_slice - vst->slices);
> >          pkt->pts = AV_NOPTS_VALUE;
> >          pkt->pos = vst->pktpos;
> > +        vst->slices = 0;
> >          return 0;
> >      }
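
Review bot: the added `vst->slices = 0;` just before `return 0;` carries no comment, and the check it relies on lies outside this hunk, so nothing in this block tells a reader why the counter is reset here. A one-line comment stating that the reset makes the existing slice check reject further writes until a new packet has been allocated would document the intent. The reset also has to stay below the `pkt->size = ...` line, which still reads `vst->slices`. An explicit NULL test on `vst->pkt.data` at the point of the write would make the guard independent of the slice counter, which is the more error-resilient variant the description mentions.
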
> 
> Hmm, that does not seem correct since packet is allocated when first
> part of it (i.e. slice number = 1) is seen. If we don't get it, packet
> will be corrupted.

Of course it is corrupted, but that is no excuse for crashing!
This is only supposed to fix the crash with corrupted/unsupported files,
not make them work - that one is a different issue.
Of course it might be possible to do both with one patch, but this seems
safer to me.


