[FFmpeg-devel] [PATCH 5/9] avformat/rmdec: Fix potential crash on allocation failure

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Tue Jul 21 05:12:11 EEST 2020


The RealMedia demuxer uses the priv_data of its streams to store a
structure containing an AVPacket. These packets are unreferenced in the
read_close function, yet said function simply presumed that the
priv_data has been successfully allocated. This implies that it mustn't
be called when an allocation of priv_data fails; but this can happen
since commit 35bbc1955a58ba74552c50d9161084644f00bbd3 if one has a
stream with multiple substreams (also exported as AVStream) and if
allocating the priv_data for one of these substreams fails.

This has been fixed by making sure that read_close can handle the case
in which priv_data has not been successfully allocated.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
This here is another reason why every demuxer needs to be carefully
checked for whether it is compatible with calling read_close
automatically.

 libavformat/rmdec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 6851b7e1f4..72b8dba741 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -115,6 +115,9 @@ RMStream *ff_rm_alloc_rmstream (void)
 
 void ff_rm_free_rmstream (RMStream *rms)
 {
+    if (!rms)
+        return;
+
     av_packet_unref(&rms->pkt);
 }
 
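Review bot: The new NULL guard at the top of ff_rm_free_rmstream() changes the function's contract (a NULL rms is now a valid argument), but nothing in the code says so. Please add a short comment above the function, or at its declaration, stating that rms may be NULL when the priv_data allocation for a stream failed, so that a later cleanup does not remove the check as redundant. Since the function carries the ff_ prefix, it is also worth stating in the commit message whether callers other than read_close rely on the new behaviour. Placing the check here rather than in each caller is the right choice, as av_packet_unref(&rms->pkt) would otherwise be handed an address derived from a NULL pointer.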
-- 
2.20.1
