[FFmpeg-cvslog] nsvdec: Fix use of uninitialized streams.
Michael Niedermayer
git at videolan.org
Wed Jan 25 06:52:04 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Jan 24 22:20:26 2012 +0100| [5c011706bc752d34bc6ada31d7df2ca0c9af7c6b] | committer: Michael Niedermayer
nsvdec: Fix use of uninitialized streams.
Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write)
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b
---
libavformat/nsvdec.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c
index 76bcd4a..6a6830e 100644
--- a/libavformat/nsvdec.c
+++ b/libavformat/nsvdec.c
@@ -606,12 +606,12 @@ null_chunk_retry:
}
/* map back streams to v,a */
- if (s->streams[0])
+ if (s->nb_streams > 0)
st[s->streams[0]->id] = s->streams[0];
- if (s->streams[1])
+ if (s->nb_streams > 1)
st[s->streams[1]->id] = s->streams[1];
- if (vsize/* && st[NSV_ST_VIDEO]*/) {
+ if (vsize && st[NSV_ST_VIDEO]) {
nst = st[NSV_ST_VIDEO]->priv_data;
pkt = &nsv->ahead[NSV_ST_VIDEO];
av_get_packet(pb, pkt, vsize);
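Review bot: With the new condition "if (vsize && st[NSV_ST_VIDEO])", a chunk that has a non-zero vsize but no video stream now skips av_get_packet(pb, pkt, vsize) altogether, so those vsize bytes are left unread in pb and the audio handling that follows would start reading inside the video payload. Consider an else branch that discards the payload, for example avio_skip(pb, vsize), so the reader position stays aligned with the chunk layout. Two smaller points on the same lines: the return value of av_get_packet() is ignored, so a short read on a truncated file goes unnoticed, and s->streams[0]->id and s->streams[1]->id are used as indices into st[] with no range check visible here, so it is worth confirming that id can only be NSV_ST_VIDEO or NSV_ST_AUDIO.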
@@ -624,7 +624,7 @@ null_chunk_retry:
if(st[NSV_ST_VIDEO])
((NSVStream*)st[NSV_ST_VIDEO]->priv_data)->frame_offset++;
- if (asize/*st[NSV_ST_AUDIO]*/) {
+ if (asize && st[NSV_ST_AUDIO]) {
nst = st[NSV_ST_AUDIO]->priv_data;
pkt = &nsv->ahead[NSV_ST_AUDIO];
/* read raw audio specific header on the first audio chunk... */
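Review bot: The st[NSV_ST_AUDIO] test in "if (asize && st[NSV_ST_AUDIO])" existed before only as a commented-out fragment, which suggests it was disabled once already, so a one-line comment saying that the audio stream may be absent and that the guard protects the st[NSV_ST_AUDIO]->priv_data dereference would help keep it from being removed again. As with the video branch, when asize is non-zero and there is no audio stream the asize bytes are no longer consumed from pb; skipping them explicitly would keep the next chunk read aligned.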