[FFmpeg-devel] [PATCH] sbgdec: prevent NULL pointer access

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Wed Nov 23 02:23:12 EET 2016


On 23.11.2016 01:06, Josh de Kock wrote:
> On 22/11/2016 23:37, Andreas Cadhalpun wrote:
>> On 23.11.2016 00:01, Josh de Kock wrote:
>>> On 22/11/2016 22:22, Andreas Cadhalpun wrote:
>>>> On 10.11.2016 22:24, Andreas Cadhalpun wrote:
>>>>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>>>>> ---
>>>>>  libavformat/sbgdec.c | 2 +-
>>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c
>>>>> index bb020d7..cbedd12 100644
>>>>> --- a/libavformat/sbgdec.c
>>>>> +++ b/libavformat/sbgdec.c
>>>>> @@ -927,7 +927,7 @@ static void expand_timestamps(void *log, struct sbg_script *s)
>>>>>          }
>>>>>      }
>>>>>      if (s->start_ts == AV_NOPTS_VALUE)
>>>>> -        s->start_ts = s->opt_start_at_first ? s->tseq[0].ts.t : now;
>>>>> +        s->start_ts = (s->opt_start_at_first && s->tseq) ? s->tseq[0].ts.t : now;
>>>>>      s->end_ts = s->opt_duration ? s->start_ts + s->opt_duration :
>>>>>                  AV_NOPTS_VALUE; /* may be overridden later by -E option */
>>>>>      cur_ts = now;
>>>>>
>>>>
>>>> Ping. It would be good to have this fixed in 3.2.1.
>>>>
>>>
>>> I don't see how s->tseq can be NULL unless the functions are externally invoked without
>>> a proper state (which they shouldn't be because they're static).
>>
>> It happens with simply using ffprobe on the sample.
>> The problem is that tseq is only allocated in parse_time_sequence, but
>> that function is not necessarily called.
>>  
> 
> Ok. I see that now, at the very least this patch shouldn't have any
> adverse effects--LGTM.

Pushed.

Best regards,
Andreas



More information about the ffmpeg-devel mailing list