[FFmpeg-devel] [PATCH] sbgdec: prevent NULL pointer access
Josh de Kock
josh at itanimul.li
Wed Nov 23 02:06:37 EET 2016
On 22/11/2016 23:37, Andreas Cadhalpun wrote:
> On 23.11.2016 00:01, Josh de Kock wrote:
>> On 22/11/2016 22:22, Andreas Cadhalpun wrote:
>>> On 10.11.2016 22:24, Andreas Cadhalpun wrote:
>>>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>>>> ---
>>>> libavformat/sbgdec.c | 2 +-
>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c
>>>> index bb020d7..cbedd12 100644
>>>> --- a/libavformat/sbgdec.c
>>>> +++ b/libavformat/sbgdec.c
>>>> @@ -927,7 +927,7 @@ static void expand_timestamps(void *log, struct sbg_script *s)
>>>> }
>>>> }
>>>> if (s->start_ts == AV_NOPTS_VALUE)
>>>> - s->start_ts = s->opt_start_at_first ? s->tseq[0].ts.t : now;
>>>> + s->start_ts = (s->opt_start_at_first && s->tseq) ? s->tseq[0].ts.t : now;
>>>> s->end_ts = s->opt_duration ? s->start_ts + s->opt_duration :
>>>> AV_NOPTS_VALUE; /* may be overridden later by -E option */
>>>> cur_ts = now;
>>>>
>>>
>>> Ping. It would be good to have this fixed in 3.2.1.
>>>
>>
>> I don't see how s->tseq can be NULL unless the functions are externally invoked without
>> a proper state (which they shouldn't be because they're static).
>
> It happens with simply using ffprobe on the sample.
> The problem is that tseq is only allocated in parse_time_sequence, but
> that function is not necessarily called.
>
Ok. I see that now, at the very least this patch shouldn't have any
adverse effects--LGTM.
--
Josh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: OpenPGP digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20161123/8a1e8af5/attachment.sig>
More information about the ffmpeg-devel
mailing list