[FFmpeg-devel] [PATCH 1/7] wav: fix potential crash in case of 'fmt ' tag not found
Clément Bœsch
ubitux at gmail.com
Thu Sep 1 08:13:01 CEST 2011
On Thu, Sep 01, 2011 at 02:30:18AM +0200, Clément Bœsch wrote:
> ---
> libavformat/wav.c | 6 +++++-
> 1 files changed, 5 insertions(+), 1 deletions(-)
>
> diff --git a/libavformat/wav.c b/libavformat/wav.c
> index 1ae9413..0d06fc3 100644
> --- a/libavformat/wav.c
> +++ b/libavformat/wav.c
> @@ -387,7 +387,7 @@ static int wav_read_header(AVFormatContext *s,
> int rf64;
> unsigned int tag;
> AVIOContext *pb = s->pb;
> - AVStream *st;
> + AVStream *st = NULL;
> WAVContext *wav = s->priv_data;
> int ret, got_fmt = 0;
> int64_t next_tag_ofs, data_ofs = -1;
> @@ -484,10 +484,14 @@ break_loop:
>
> avio_seek(pb, data_ofs, SEEK_SET);
>
> + if (!st) {
> + av_log(s, AV_LOG_WARNING, "no 'fmt ' tag found\n");
> + } else {
> if (!sample_count && st->codec->channels && av_get_bits_per_sample(st->codec->codec_id))
> sample_count = (data_size<<3) / (st->codec->channels * (uint64_t)av_get_bits_per_sample(st->codec->codec_id));
> if (sample_count)
> st->duration = sample_count;
> + }
>
> ff_metadata_conv_ctx(s, NULL, wav_metadata_conv);
>
Actually, the no 'fmt ' case shoudn't be reached; the data tag depends on
the fmt tag, and in case of no data tag, it already abort. I'll look for a
better warning workaround than this patch.
--
Clément B.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20110901/e32120ed/attachment.asc>
More information about the ffmpeg-devel
mailing list