[FFmpeg-devel] [PATCH] avformat/adxdec: check avctx->channels for invalid values
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Thu Feb 26 01:27:34 CET 2015
On 26.02.2015 00:24, Michael Niedermayer wrote:
> On Wed, Feb 25, 2015 at 11:48:33PM +0100, Andreas Cadhalpun wrote:
>> Hi,
>>
>> if avctx->channels is 0 in adx_read_packet, size gets set to 0,
>> av_get_packet sets pkt->data to NULL and then AV_RB16(pkt->data)
>> results in a null pointer dereference.
>>
>> Attached patch fixes this.
>>
>> Best regards,
>> Andreas
>
>> adxdec.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>> 7312e6a3be1771c83eac72784496c6fc4692d954 0001-avformat-adxdec-check-avctx-channels-for-invalid-val.patch
>> From 2578976a0a9eec03d168f393795119fd274ee81f Mon Sep 17 00:00:00 2001
>> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> Date: Wed, 25 Feb 2015 22:55:44 +0100
>> Subject: [PATCH] avformat/adxdec: check avctx->channels for invalid values
>>
>> This avoids a null pointer dereference of pkt->data.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>> libavformat/adxdec.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/libavformat/adxdec.c b/libavformat/adxdec.c
>> index ddaa201..24a8a1f 100644
>> --- a/libavformat/adxdec.c
>> +++ b/libavformat/adxdec.c
>> @@ -40,6 +40,11 @@ static int adx_read_packet(AVFormatContext *s, AVPacket *pkt)
>> AVCodecContext *avctx = s->streams[0]->codec;
>> int ret, size;
>>
>> + if (avctx->channels <= 0) {
>> + av_log(s, AV_LOG_ERROR, "invalid number of channels %d\n", avctx->channels);
>> + return AVERROR_INVALIDDATA;
>> + }
>
> the demuxer should extract the channel value in adx_read_header()
> and check it there. (if it needs the channels, which it does currently)
>
> its not good for demuxing to depend on a decoder/parser setting this
> value between reading the file header and before demuxing the first
> packet
You're right about that. Attached is a patch for this.
However it might still be a good idea to apply above patch, because the
decoder/parser could set avctx->channels to 0, even if the demuxer has set it to
something positive.
Best regards,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-avformat-adxdec-set-avctx-channels-in-adx_read_heade.patch
Type: text/x-diff
Size: 1259 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150226/90190b3c/attachment.bin>
More information about the ffmpeg-devel
mailing list