[FFmpeg-devel] [PATCH 1/3] avformat/mlvdec: Check for existence of AVIOContext before using it

[Andreas Rheinhardt]

The mlv demuxer supports input split into multiple files; if invalid
data is encountered when parsing one of the subsequent files, that file
is closed. But at this point some index entries belonging to this file
might already have been added. In this case, the read_packet function
might try to use the AVIOContext (which is NULL) to read data which will
of course crash. This commit fixes this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
As an alternative to patches 1 and 3 one could also just error out if
one of the subsequent files is bad.

 libavformat/mlvdec.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavformat/mlvdec.c b/libavformat/mlvdec.c
index 03aed71024..7c7ced7f76 100644
--- a/libavformat/mlvdec.c
+++ b/libavformat/mlvdec.c
@@ -411,6 +411,10 @@ static int read_packet(AVFormatContext *avctx, AVPacket *pkt)
     }
 
     pb = mlv->pb[st->index_entries[index].size];
+    if (!pb) {
+        ret = FFERROR_REDO;
+        goto next_packet;
+    }
     avio_seek(pb, st->index_entries[index].pos, SEEK_SET);
 
     avio_skip(pb, 4); // blockType
@@ -439,12 +443,14 @@ static int read_packet(AVFormatContext *avctx, AVPacket *pkt)
     pkt->stream_index = mlv->stream_index;
     pkt->pts = mlv->pts;
 
+    ret = 0;
+next_packet:
     mlv->stream_index++;
     if (mlv->stream_index == avctx->nb_streams) {
         mlv->stream_index = 0;
         mlv->pts++;
     }
-    return 0;
+    return ret;
 }
 
 static int read_seek(AVFormatContext *avctx, int stream_index, int64_t timestamp, int flags)
-- 
2.20.1