[FFmpeg-cvslog] id3v2: fix NULL pointer dereference

Anton Khirnov git at videolan.org
Wed Oct 12 05:51:16 CEST 2011


ffmpeg | branch: master | Anton Khirnov <anton at khirnov.net> | Fri Oct  7 20:09:56 2011 +0200| [c780b543e72141393ae3c0b0cb2654f9a5e35f73] | committer: Anton Khirnov

id3v2: fix NULL pointer dereference

Bug found by Laurent Aimar fenrir at videolan org

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c780b543e72141393ae3c0b0cb2654f9a5e35f73
---

 libavformat/id3v2.c |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index c30ab4c..cea0ee0 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -351,7 +351,7 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
     AVIOContext *pbx;
     unsigned char *buffer = NULL;
     int buffer_size = 0;
-    void (*extra_func)(AVFormatContext*, AVIOContext*, int, char*, ID3v2ExtraMeta**) = NULL;
+    const ID3v2EMFunc *extra_func;
 
     switch (version) {
     case 2:
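Review bot: Dropping the `= NULL` initializer leaves `extra_func` indeterminate whenever the `tag[0] == 'T'` side of the later condition short-circuits. If this code runs once per frame, as the surrounding lines suggest, it can also still hold the handler chosen for an earlier frame. The dispatch in the third hunk appears to be guarded by a `tag[0] == 'T'` test that lies outside the visible lines, so this is probably not reachable today. Since the parser reads untrusted files, a deterministic NULL is a safer failure than a stale pointer if that guard ever changes, so I would keep `const ID3v2EMFunc *extra_func = NULL;`. The body of ff_id3v2_parse starts and ends outside the hunk.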
@@ -419,7 +419,7 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
             av_log(s, AV_LOG_WARNING, "Skipping encrypted/compressed ID3v2 frame %s.\n", tag);
             avio_skip(s->pb, tlen);
         /* check for text tag or supported special meta tag */
-        } else if (tag[0] == 'T' || (extra_meta && (extra_func = get_extra_meta_func(tag, isv34)->read))) {
+        } else if (tag[0] == 'T' || (extra_meta && (extra_func = get_extra_meta_func(tag, isv34)))) {
             if (unsync || tunsync) {
                 int i, j;
                 av_fast_malloc(&buffer, &buffer_size, tlen);
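Review bot: The new condition tests only the table entry returned by `get_extra_meta_func(tag, isv34)`, whereas the old one tested its `read` member. An entry with a NULL `read` would therefore reach `extra_func->read(...)` in the next hunk and be called through a NULL function pointer. The same holds for `extra_func->free(current->data)` in ff_id3v2_free_extra_meta, where the old code skipped a NULL `free`. The handler table is not visible here, so this may be unreachable with the current entries, but checking both keeps the old guarantee: `(extra_meta && (extra_func = get_extra_meta_func(tag, isv34)) && extra_func->read)` and `if ((extra_func = get_extra_meta_func(current->tag, 1)) && extra_func->free)`. The enclosing function starts and ends outside the hunk.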
@@ -445,7 +445,7 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
                 read_ttag(s, pbx, tlen, tag);
             else
                 /* parse special meta tag */
-                extra_func(s, pbx, tlen, tag, extra_meta);
+                extra_func->read(s, pbx, tlen, tag, extra_meta);
         }
         else if (!tag[0]) {
             if (tag[1])
@@ -508,11 +508,11 @@ void ff_id3v2_read(AVFormatContext *s, const char *magic)
 void ff_id3v2_free_extra_meta(ID3v2ExtraMeta **extra_meta)
 {
     ID3v2ExtraMeta *current = *extra_meta, *next;
-    void (*free_func)(ID3v2ExtraMeta*);
+    const ID3v2EMFunc *extra_func;
 
     while (current) {
-        if ((free_func = get_extra_meta_func(current->tag, 1)->free))
-            free_func(current->data);
+        if ((extra_func = get_extra_meta_func(current->tag, 1)))
+            extra_func->free(current->data);
         next = current->next;
         av_freep(&current);
         current = next;
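Review bot: When `get_extra_meta_func(current->tag, 1)` returns NULL, the loop skips the handler silently and `av_freep(&current)` releases only the node, so whatever `current->data` points to is never freed. If nodes can only be created by a handler from the same table, the lookup cannot fail, and a comment above the `if` such as `/* nodes are created only by table handlers, so the lookup is expected to succeed */` would explain the silent skip. Otherwise the miss should at least be logged. The lookup also hard-codes `1` where the parser passes `isv34`, which deserves a short comment on why that is always correct for stored tags. The while loop continues past the end of the hunk.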


