[FFmpeg-cvslog] avfilter_get_video_buffer_ref_from_frame: check channel count

Michael Niedermayer git at videolan.org
Wed Dec 12 14:20:52 CET 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Dec 12 14:09:19 2012 +0100| [5a4eb6aa275e4c1b80e1e125a7901903e35219f2] | committer: Michael Niedermayer

avfilter_get_video_buffer_ref_from_frame: check channel count

more than 8 channels is not supported and crashes with null pointer dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5a4eb6aa275e4c1b80e1e125a7901903e35219f2
---

 libavfilter/avcodec.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavfilter/avcodec.c b/libavfilter/avcodec.c
index 688f1b3..705cf80 100644
--- a/libavfilter/avcodec.c
+++ b/libavfilter/avcodec.c
@@ -92,8 +92,12 @@ AVFilterBufferRef *avfilter_get_video_buffer_ref_from_frame(const AVFrame *frame
 AVFilterBufferRef *avfilter_get_audio_buffer_ref_from_frame(const AVFrame *frame,
                                                             int perms)
 {
-    AVFilterBufferRef *samplesref =
-        avfilter_get_audio_buffer_ref_from_arrays((uint8_t **)frame->data, frame->linesize[0], perms,
+    AVFilterBufferRef *samplesref;
+
+    if(av_frame_get_channels(frame) > 8) // libavfilter does not suport more than 8 channels FIXME, remove once libavfilter is fixed
+        return NULL;
+
+    samplesref = avfilter_get_audio_buffer_ref_from_arrays((uint8_t **)frame->data, frame->linesize[0], perms,
                                                   frame->nb_samples, frame->format,
                                                   av_frame_get_channel_layout(frame));
     if (!samplesref)
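Review bot: The early `return NULL` in the new channel check at the top of avfilter_get_audio_buffer_ref_from_frame is indistinguishable, for the caller, from the `if (!samplesref)` failure that follows, and nothing is logged, so a frame with more than 8 channels is dropped silently. Consider an av_log() error before the return so the rejected input can be diagnosed. The literal 8 should be a named constant tied to the limit that libavfilter's buffer arrays impose, so the guard and the limit cannot drift apart. The guard also reads av_frame_get_channels(frame) while the buffer is built from av_frame_get_channel_layout(frame); it is worth confirming the two cannot disagree for this path. Minor: the comment has a typo ("suport"), and the commit subject names avfilter_get_video_buffer_ref_from_frame although the check is added to the audio function.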


