[FFmpeg-devel] [PATCH] avfilter/af_pan: fix null pointer dereference on empty token

Nicolas George george at nsup.org
Sun Feb 5 11:23:35 EET 2017


Le septidi 17 pluviôse, an CCXXV, Marton Balint a écrit :
> Fixes Coverity CID 1396254.
> 
> Signed-off-by: Marton Balint <cus at passwd.hu>
> ---
>  libavfilter/af_pan.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
> index 94f1587..00eef2b 100644
> --- a/libavfilter/af_pan.c
> +++ b/libavfilter/af_pan.c
> @@ -115,6 +115,11 @@ static av_cold int init(AVFilterContext *ctx)
>      if (!args)
>          return AVERROR(ENOMEM);
>      arg = av_strtok(args, "|", &tokenizer);

> +    if (!arg) {
> +        av_log(ctx, AV_LOG_ERROR, "Cannot tokenize argument\n");
> +        ret = AVERROR(EINVAL);
> +        goto fail;
> +    }

Thanks for catching this. The fix seems correct. The error message, on
the other hand, is not good: it is meant for users but does not tell
them anything.

If I read the code correctly, this can only be triggered if the argument
to pan contains only the delimiter character. Something like "channel
layout not specified" would be more useful.

>      ret = ff_parse_channel_layout(&pan->out_channel_layout,
>                                    &pan->nb_output_channels, arg, ctx);
>      if (ret < 0)

Regards,

-- 
  Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20170205/e0d30957/attachment.sig>


More information about the ffmpeg-devel mailing list