[FFmpeg-devel] [PATCH] Fix av_packet_split_side_data.
Reimar Döffinger
Reimar.Doeffinger at gmx.de
Sun Nov 6 01:34:30 CET 2011
p cannot be calculated before av_dup_packet since that one
might change avpkt->data, causing invalid reads and a
non-working range check.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
---
libavcodec/avpacket.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
index ff34285..a4bd442 100644
--- a/libavcodec/avpacket.c
+++ b/libavcodec/avpacket.c
@@ -237,10 +237,11 @@ int av_packet_split_side_data(AVPacket *pkt){
if (!pkt->side_data_elems && pkt->size >12 && AV_RB64(pkt->data + pkt->size - 8) == FF_MERGE_MARKER){
int i;
unsigned int size;
- uint8_t *p= pkt->data + pkt->size - 8 - 5;
+ uint8_t *p;
av_dup_packet(pkt);
+ p = pkt->data + pkt->size - 8 - 5;
for (i=1; ; i++){
size = AV_RB32(p);
if (size>INT_MAX || p - pkt->data <= size)
--
1.7.7.1
More information about the ffmpeg-devel
mailing list