[FFmpeg-cvslog] avformat/mlvdec: fail reading a packet with 0 streams

Michael Niedermayer git at videolan.org
Sun Jul 5 20:51:00 EEST 2020


ffmpeg | branch: release/2.8 | Michael Niedermayer <michael at niedermayer.cc> | Sun May 31 14:30:43 2020 +0200| [39806a275eb287c39fba7283d1b40dd0e72018bd] | committer: Michael Niedermayer

avformat/mlvdec: fail reading a packet with 0 streams

Fixes: NULL pointer dereference
Fixes: 22604/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5667739074297856.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5bd5c3108786bf69f108c55c375f1956f67ca7a4)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=39806a275eb287c39fba7283d1b40dd0e72018bd
---

 libavformat/mlvdec.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavformat/mlvdec.c b/libavformat/mlvdec.c
index 84b916844c..0ed0cb11a2 100644
--- a/libavformat/mlvdec.c
+++ b/libavformat/mlvdec.c
@@ -384,10 +384,14 @@ static int read_packet(AVFormatContext *avctx, AVPacket *pkt)
 {
     MlvContext *mlv = avctx->priv_data;
     AVIOContext *pb;
-    AVStream *st = avctx->streams[mlv->stream_index];
+    AVStream *st;
     int index, ret;
     unsigned int size, space;
 
+    if (!avctx->nb_streams)
+        return AVERROR_EOF;
+
+    st = avctx->streams[mlv->stream_index];
     if (mlv->pts >= st->duration)
         return AVERROR_EOF;
 



More information about the ffmpeg-cvslog mailing list