[FFmpeg-devel] [PATCH v2] fftools/ffmpeg_filter: fix SEGV in choose_pix_fmts after avio_close_dyn_buf

Wed Dec 1 13:37:40 EET 2021

Check avio_printf value and len from avio_close_dyn_buf, it should
incorrect if they are not equal each other.

Reported-by: TOTE Robot <oslab at tsinghua.edu.cn>
Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
---
 fftools/ffmpeg_filter.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fftools/ffmpeg_filter.c b/fftools/ffmpeg_filter.c
index 452b689d62..ceb08b44f1 100644
--- a/fftools/ffmpeg_filter.c
+++ b/fftools/ffmpeg_filter.c
@@ -105,6 +105,7 @@ static char *choose_pix_fmts(OutputFilter *ofilter)
         AVIOContext *s = NULL;
         uint8_t *ret;
         int len;
+        int name_new_size = 0;
 
         if (avio_open_dyn_buf(&s) < 0)
             exit_program(1);
@@ -116,9 +117,11 @@ static char *choose_pix_fmts(OutputFilter *ofilter)
 
         for (; *p != AV_PIX_FMT_NONE; p++) {
             const char *name = av_get_pix_fmt_name(*p);
-            avio_printf(s, "%s|", name);
+            name_new_size = avio_printf(s, "%s|", name);
         }
         len = avio_close_dyn_buf(s, &ret);
+        if (len != name_new_size)
+            return NULL;
         ret[len - 1] = 0;
         return ret;
     } else
-- 
2.25.0

