[FFmpeg-devel] [PATCH] Null check of &s->internal before attempting to free dict and pkt - avoid Null pointer dereference crash

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Tue Jun 8 20:20:56 EEST 2021


Robert Beyer:
> ---
>  libavformat/utils.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/libavformat/utils.c b/libavformat/utils.c
> index fe8eaa6cb3..73a7d13123 100644
> --- a/libavformat/utils.c
> +++ b/libavformat/utils.c
> @@ -4331,9 +4331,11 @@ void avformat_free_context(AVFormatContext *s)
>      }
>      av_freep(&s->chapters);
>      av_dict_free(&s->metadata);
> -    av_dict_free(&s->internal->id3v2_meta);
> -    av_packet_free(&s->internal->pkt);
> -    av_packet_free(&s->internal->parse_pkt);
> +    if (&s->internal) {
> +        av_dict_free(&s->internal->id3v2_meta);
> +        av_packet_free(&s->internal->pkt);
> +        av_packet_free(&s->internal->parse_pkt);
> +    }
>      av_freep(&s->streams);
>      flush_packet_queue(s);
>      av_freep(&s->internal);
> 
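Review bot: The guard `if (&s->internal)` does not test what the subject line says it does; `&s->internal` is the address of the `internal` member inside the `AVFormatContext` that `s` points to, which is never NULL whenever `s` itself is valid, so the condition is always true and the three calls inside the block still dereference `s->internal` unconditionally. The intended check is on the pointer value, `if (s->internal) {`. Note also that the unconditional `av_freep(&s->internal)` at the end of the hunk is fine as written, since `av_freep` takes the address of the pointer and handles a NULL value, so only the three dereferencing calls need the guard.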
1. Checking for &s->internal is nonsense: If s is not NULL and points to
an AVFormatContext, &s->internal is so, too. You want to check for
s->internal.
2. avformat_alloc_context() (the only function that directly allocates
AVFormatContexts) ensures that every successfully allocated
AVFormatContext has an AVFormatInternal set, so the issue should just
not happen. If it does happen for you, then please provide the necessary
details to reproduce it.

- Andreas
