[FFmpeg-trac] #3171(avformat:new): avio_close() misuses AVIOContext.opaque field

FFmpeg trac at avcodec.org
Mon Nov 25 12:30:14 CET 2013

#3171: avio_close() misuses AVIOContext.opaque field
             Reporter:  achurch   |                     Type:  defect
               Status:  new       |                 Priority:  normal
            Component:  avformat  |                  Version:  git-master
             Keywords:            |               Blocked By:
             Blocking:            |  Reproduced by developer:  0
Analyzed by developer:  0         |
 (Note: the following is true as of git e78d038187)

 In avio.h, the AVIOContext.opaque field is documented as "A private
 pointer, passed to the read/write/seek/... functions", and
 avio_alloc_context() takes an "opaque" parameter which is similarly
 documented "An opaque pointer to user-specific data" and stored directly
 into the created structure's opaque field.  However, avio_close() treats
 that field as a URLContext pointer:

 int avio_close(AVIOContext *s)
     URLContext *h;
     // ...
     h = s->opaque;
     // ...
     return ffurl_close(h);

 If a user-created AVIOContext makes use of the opaque field as documented,
 avio_close() may crash, inappropriately free memory, etc. when it
 interprets the user's opaque data as a URLContext structure.

Ticket URL: <https://trac.ffmpeg.org/ticket/3171>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list