[FFmpeg-devel] [PATCH] prevent segfault when parsing corrupt DV
Roman V. Shaposhnik
rvs
Mon Jan 5 05:52:20 CET 2009
On Sun, 2009-01-04 at 12:57 -0800, Dan Dennedy wrote:
> I have a sample capture.dv file that is ~18MB if needed, but it is an
> obvious problem. dv_demux->sys is often assigned when
> dv_produce_packet gets called just below the code in the patch below.
> If the stream is very corrupt, it may be set NULL in
> dv_produce_packets and then used here.
>
> Index: libavformat/dv.c
> ===================================================================
> --- libavformat/dv.c (revision 16313)
> +++ libavformat/dv.c (working copy)
> @@ -430,6 +430,8 @@
> size = dv_get_packet(c->dv_demux, pkt);
>
> if (size < 0) {
> + if (!c->dv_demux->sys)
> + return AVERROR(EIO);
> size = c->dv_demux->sys->frame_size;
> if (get_buffer(s->pb, c->buf, size) <= 0)
> return AVERROR(EIO);
This looks reasonable. If there are no objections -- I'm going
to apply it tmr.
Thanks,
Roman.
More information about the ffmpeg-devel
mailing list