[FFmpeg-devel] [PATCH] mjpegdec: Do not assume unused plane pointer are NULL.

wm4 nfxjfg at googlemail.com
Fri Feb 26 11:29:05 CET 2016


On Fri, 26 Feb 2016 02:38:13 +0100
Michael Niedermayer <michael at niedermayer.cc> wrote:

> On Fri, Feb 26, 2016 at 12:15:19AM +0100, Reimar Döffinger wrote:
> > We do neither document nor check such a requirement
> > and for application-provided get_buffer2 they could
> > contain the result of a malloc(0) or whatever value
> > they had previously.
> > This fixes a use-after-free in e.g. MPlayer:
> > https://trac.mplayerhq.hu/ticket/2262
> > We might want to consider changing the (documented)
> > API in addition though.
> > 
> > Signed-off-by: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
> > ---
> >  libavcodec/mjpegdec.c | 8 +++++---
> >  1 file changed, 5 insertions(+), 3 deletions(-)  
> 
> the assumption that unused plane pointers are NULL is more
> widespread than mjpeg I think
> 
> also, is it really a good idea to leave stale pointers in the array?
> 
> [...]

Unfortunately I have to agree. I got some crashes in libavfilter when I
didn't set some "unused" plane pointers to NULL. Some code is just lazy
and checks plane pointers for NULL, instead of retrieving the proper
plane count.
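
The failure mode described in this message, as an added example that is not part of the original thread or of FFmpeg's code: a consumer that counts planes by scanning for NULL picks up a stale slot, while one that uses the format's plane count (in FFmpeg, what av_pix_fmt_count_planes() reports) does not. The Frame struct, its nb_planes field and all function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_PLANES 8  /* constructed; mirrors FFmpeg's AV_NUM_DATA_POINTERS */

/* Hypothetical stand-in for a decoded frame; not FFmpeg's AVFrame. */
typedef struct Frame {
    uint8_t *data[MAX_PLANES];
    int nb_planes;            /* assumed to be derived from the pixel format */
} Frame;

/* The lazy pattern: walk data[] until the first NULL slot. */
static int planes_by_null_check(const Frame *f)
{
    int n = 0;
    while (n < MAX_PLANES && f->data[n])
        n++;
    return n;
}

/* The robust pattern: rely on the format's plane count only. */
static int planes_by_format(const Frame *f)
{
    return f->nb_planes;
}

/* Defensive step for a buffer allocator: NULL every unused slot so that
 * consumers using the lazy pattern never see a leftover pointer. */
static void clear_unused_planes(Frame *f)
{
    for (int i = f->nb_planes; i < MAX_PLANES; i++)
        f->data[i] = NULL;
}

/* Constructed sample: a 1-plane frame whose slot 1 kept an old pointer. */
static uint8_t live_plane[16], old_plane[16];

static Frame make_frame_with_stale_slot(void)
{
    Frame f = { .data = { live_plane, old_plane }, .nb_planes = 1 };
    return f;
}
```
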
