[FFmpeg-devel] [libav-devel] [PATCH] nutdec: only copy the header if it exists

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Fri Dec 18 20:12:15 CET 2015


On 18.12.2015 20:06, Luca Barbato wrote:
> On 18/12/15 19:05, Andreas Cadhalpun wrote:
>> On 18.12.2015 18:53, Luca Barbato wrote:
>>> On 18/12/15 17:24, Andreas Cadhalpun wrote:
>>>> Fixes runtime error: null pointer passed as argument 2, which is
>>>> declared to never be null
>>>>
>>>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>>>> ---
>>>>  libavformat/nutdec.c | 3 ++-
>>>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
>>>> index 47ae7a7..3aa7a88 100644
>>>> --- a/libavformat/nutdec.c
>>>> +++ b/libavformat/nutdec.c
>>>> @@ -1133,7 +1133,8 @@ static int decode_frame(NUTContext *nut, AVPacket *pkt, int frame_code)
>>>>      ret = av_new_packet(pkt, size + nut->header_len[header_idx]);
>>>>      if (ret < 0)
>>>>          return ret;
>>>> -    memcpy(pkt->data, nut->header[header_idx], nut->header_len[header_idx]);
>>>> +    if (nut->header[header_idx])
>>>> +        memcpy(pkt->data, nut->header[header_idx], nut->header_len[header_idx]);
>>>>      pkt->pos = avio_tell(bc); // FIXME
>>>>      if (stc->last_flags & FLAG_SM_DATA) {
>>>>          int sm_size;
>>>>
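Review bot: the guard added before the memcpy tests `nut->header[header_idx]`, but what makes the copy unnecessary is a zero `nut->header_len[header_idx]`. If the pointer were ever NULL while the length is non-zero, the copy would be skipped silently, and the first `header_len` bytes of the packet just sized by `av_new_packet(pkt, size + nut->header_len[header_idx])` would be left unset. Consider testing the length instead, `if (nut->header_len[header_idx])`, or treating a NULL pointer with a non-zero length as an error. The commit message would also be easier to follow if it named memcpy and said when the pointer is NULL.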
>>>
>>> When exactly does it happen?
>>
>> When header_idx is 0 and thus nut->header_len[0] = 0 and nut->header[0] = NULL.
>>
> 
> If header_len is 0, what exactly is the problem?

gcc's undefined behavior sanitizer prints the error from the commit message.
That's all. See e.g. [1].

Best regards,
Andreas


1: https://stackoverflow.com/questions/5243012/is-it-guaranteed-to-be-safe-to-perform-memcpy0-0-0