[FFmpeg-devel] [libav-devel] [PATCH] nutdec: only copy the header if it exists
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Fri Dec 18 20:12:15 CET 2015
On 18.12.2015 20:06, Luca Barbato wrote:
> On 18/12/15 19:05, Andreas Cadhalpun wrote:
>> On 18.12.2015 18:53, Luca Barbato wrote:
>>> On 18/12/15 17:24, Andreas Cadhalpun wrote:
>>>> Fixes runtime error: null pointer passed as argument 2, which is
>>>> declared to never be null
>>>>
>>>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>>>> ---
>>>> libavformat/nutdec.c | 3 ++-
>>>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
>>>> index 47ae7a7..3aa7a88 100644
>>>> --- a/libavformat/nutdec.c
>>>> +++ b/libavformat/nutdec.c
>>>> @@ -1133,7 +1133,8 @@ static int decode_frame(NUTContext *nut, AVPacket *pkt, int frame_code)
>>>> ret = av_new_packet(pkt, size + nut->header_len[header_idx]);
>>>> if (ret < 0)
>>>> return ret;
>>>> - memcpy(pkt->data, nut->header[header_idx], nut->header_len[header_idx]);
>>>> + if (nut->header[header_idx])
>>>> + memcpy(pkt->data, nut->header[header_idx], nut->header_len[header_idx]);
>>>> pkt->pos = avio_tell(bc); // FIXME
>>>> if (stc->last_flags & FLAG_SM_DATA) {
>>>> int sm_size;
>>>>
>>>
>>> When it happens exactly?
>>
>> When header_idx is 0 and thus nut->header_len[0] = 0 and nut->header[0] = NULL.
>>
>
> if header_len is 0 what's exactly the problem?
gcc's undefined behavior sanitizer prints the error from the commit message.
That's all. See e.g. [1].
Best regards,
Andreas
1: https://stackoverflow.com/questions/5243012/is-it-guaranteed-to-be-safe-to-perform-memcpy0-0-0
More information about the ffmpeg-devel
mailing list