[FFmpeg-devel] [PATCH 2/5] avformat/matroskaenc: fix invalid pointer access if avio_get_dyn_buf failed

Nicolas George george at nsup.org
Thu Apr 30 01:37:41 EEST 2020


Andreas Rheinhardt (12020-04-30):
> I sent a patch containing proper checks for this and other allocations
> in this muxer here [1].

Thanks.

> PS: avio_close_dyn_buf() is even worse: Besides the design flaw of
> freeing a resource without setting the pointer to it to NULL, it returns
> a size of -AV_INPUT_BUFFER_PADDING_SIZE if a memory allocation failure
> happened (but not if the arbitrary limit of INT_MAX/2 has been
> surpassed); and this despite its documentation not allowing returning
> negative values at all. (And it returns the current position of the
> write pointer as size and zeroes what comes immediately after, even if a
> seek to the front has happened.)

The av_dynbuf_write() API I proposed some time ago allows proper error
check at the end (and I even intend to make it a little more
unavoidable in the next iteration). And as a bonus, it uses an on-stack
buffer as long as it fits (it is based on BPrint).

I have a small intro written about it if people are interested.

Regards,

-- 
  Nicolas George
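
Added example, not part of the original message and not FFmpeg code or the av_dynbuf_write() proposal: a self-contained C model of a dynamic buffer whose close call returns the error status separately from the size and clears the caller's handle, the two properties the quoted PS finds missing in avio_close_dyn_buf(). The names DynBuf, dynbuf_open, dynbuf_write, dynbuf_finish and the max_cap limit are hypothetical; max_cap is a constructed stand-in for an allocation failure.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model (not FFmpeg code): growable buffer with a sticky error. */
typedef struct DynBuf {
    uint8_t *data;
    size_t   len, cap;
    size_t   max_cap;   /* constructed limit, stands in for a failing allocator */
    int      err;       /* first error seen, 0 if none */
} DynBuf;

DynBuf *dynbuf_open(size_t max_cap)
{
    DynBuf *b = calloc(1, sizeof(*b));
    if (b) b->max_cap = max_cap;
    return b;
}

/* Writes report nothing themselves; the first failure is latched for finish. */
void dynbuf_write(DynBuf *b, const void *src, size_t n)
{
    if (b->err || !n) return;
    if (n > b->max_cap - b->len) { b->err = ENOMEM; return; }
    if (b->len + n > b->cap) {
        uint8_t *p = realloc(b->data, b->len + n);
        if (!p) { b->err = ENOMEM; return; }
        b->data = p;
        b->cap  = b->len + n;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
}

/* Returns 0 or a negative errno; size is never used to signal failure,
 * and the caller's handle is set to NULL on every path. */
int dynbuf_finish(DynBuf **pb, uint8_t **out, size_t *size)
{
    DynBuf *b = *pb;
    int err = b->err;
    *pb   = NULL;                       /* no dangling handle after close */
    *out  = err ? NULL : b->data;       /* ownership passes to the caller */
    *size = err ? 0 : b->len;
    if (err) free(b->data);
    free(b);
    return err ? -err : 0;
}
```

On success the caller owns the returned buffer and releases it with free().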