[FFmpeg-devel] [PATCH] filtfmts: Avoid null pointer dereferences

[Michael Niedermayer]

On Fri, Apr 03, 2015 at 02:25:13PM +0530, Himangi Saraogi wrote:
> ---
>  libavfilter/filtfmts.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/libavfilter/filtfmts.c b/libavfilter/filtfmts.c
> index c1025b9..3e2a011 100644
> --- a/libavfilter/filtfmts.c
> +++ b/libavfilter/filtfmts.c
> @@ -34,6 +34,7 @@ static void print_formats(AVFilterContext *filter_ctx)
>  
>  #define PRINT_FMTS(inout, outin, INOUT)                                 \
>      for (i = 0; i < filter_ctx->nb_##inout##puts; i++) {                     \
> +        if (filter_ctx->inout##puts[i]) {                               \
>          if (filter_ctx->inout##puts[i]->type == AVMEDIA_TYPE_VIDEO) {   \
>              AVFilterFormats *fmts =                                     \
>                  filter_ctx->inout##puts[i]->outin##_formats;            \
> @@ -61,6 +62,7 @@ static void print_formats(AVFilterContext *filter_ctx)
>                         i, avfilter_pad_get_name(filter_ctx->inout##put_pads, i), buf); \
>              }                                                           \
>          }                                                               \
> +        }                                                               \
>      }                                                                   \
>  
>      PRINT_FMTS(in,  out, IN);

> @@ -115,11 +117,15 @@ int main(int argc, char **argv)
>      /* create a link for each of the input pads */
>      for (i = 0; i < filter_ctx->nb_inputs; i++) {
>          AVFilterLink *link = av_mallocz(sizeof(AVFilterLink));
> +        if (!link)
> +            continue;
>          link->type = avfilter_pad_get_type(filter_ctx->input_pads, i);
>          filter_ctx->inputs[i] = link;
>      }
>      for (i = 0; i < filter_ctx->nb_outputs; i++) {
>          AVFilterLink *link = av_mallocz(sizeof(AVFilterLink));
> +        if (!link)
> +            continue;

main should return failure if some malloc inside it failed

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If a bugfix only changes things apparently unrelated to the bug with no
further explanation, that is a good sign that the bugfix is wrong.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150403/b36c71ec/attachment.asc>