[FFmpeg-devel] [PATCH 2/2] dv: dont crash in dv_frame_offset if avpriv_dv_codec_profile returns NULL

Michael Niedermayer michaelni at gmx.at
Mon Dec 26 22:10:46 CET 2011


On Sun, Dec 25, 2011 at 07:31:24PM +0100, Marton Balint wrote:
> Signed-off-by: Marton Balint <cus at passwd.hu>
> ---
>  libavformat/dv.c |    6 +++++-
>  1 files changed, 5 insertions(+), 1 deletions(-)
> 
> diff --git a/libavformat/dv.c b/libavformat/dv.c
> index 5dddaf6..b4d874c 100644
> --- a/libavformat/dv.c
> +++ b/libavformat/dv.c
> @@ -34,6 +34,7 @@
>  #include "libavcodec/dvdata.h"
>  #include "libavutil/intreadwrite.h"
>  #include "libavutil/mathematics.h"
> +#include "libavutil/avassert.h"
>  #include "dv.h"
>  
>  struct DVDemuxContext {
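Review bot: the new libavutil/avassert.h include is appended after mathematics.h instead of being kept in alphabetical order with the other libavutil headers shown here. It is needed only for the av_assert0 call added in dv_frame_offset, so place it before intreadwrite.h, and drop it if that check ends up as an error return.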
> @@ -373,7 +374,10 @@ static int64_t dv_frame_offset(AVFormatContext *s, DVDemuxContext *c,
>      const DVprofile* sys = avpriv_dv_codec_profile(c->vst->codec);
>      int64_t offset;
>      int64_t size = avio_size(s->pb) - s->data_offset;
> -    int64_t max_offset = ((size-1) / sys->frame_size) * sys->frame_size;
> +    int64_t max_offset;
> +
> +    av_assert0(sys);
> +    max_offset = ((size-1) / sys->frame_size) * sys->frame_size;
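Review bot: av_assert0(sys), placed just before max_offset is computed, replaces the NULL dereference of sys->frame_size with an abort, so a file for which avpriv_dv_codec_profile returns NULL still terminates the process. Since dv_frame_offset returns int64_t, consider testing `if (!sys)` and returning a negative error value that the callers would then have to check, keeping an assert only if this state cannot be reached from demuxer input.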

I think this should return with an error unless it's (supposed to be)
impossible for user input to ffmpeg/ffplay to trigger it

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are too smart to engage in politics are punished by being
governed by those who are dumber. -- Plato 