[FFmpeg-devel] [PATCH 3/3] avutil/opt: Preserve nb_channels in opt_free

James Almer jamrial at gmail.com
Wed May 1 00:27:23 EEST 2024


On 4/29/2024 9:48 PM, Michael Niedermayer wrote:
> Fixes: division by 0
> Fixes: decoder modifying demuxer channels on failure
> Fixes: -sseof -5 -i zgclab/ffmpeg_crash/poc3
> 
> Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>   libavutil/opt.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/libavutil/opt.c b/libavutil/opt.c
> index ecbf7efe5fb..24c08e4bc06 100644
> --- a/libavutil/opt.c
> +++ b/libavutil/opt.c
> @@ -132,9 +132,11 @@ static void opt_free_elem(const AVOption *o, void *ptr)
>           av_dict_free((AVDictionary **)ptr);
>           break;
>   
> -    case AV_OPT_TYPE_CHLAYOUT:
> +    case AV_OPT_TYPE_CHLAYOUT: {
> +        int nb_channels = ((AVChannelLayout *)ptr)->nb_channels;
>           av_channel_layout_uninit((AVChannelLayout *)ptr);
> -        break;
> +        ((AVChannelLayout *)ptr)->nb_channels = nb_channels;
> +        break;}
>   
>       default:
>           break;
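Review bot: In the AV_OPT_TYPE_CHLAYOUT case, writing the saved nb_channels back right after av_channel_layout_uninit() leaves the option half reset: a channel count restored onto a layout that was just uninitialised. Neither the hunk nor the commit message says which caller still reads nb_channels after the free. Because opt_free_elem() is generic, every option of this type will now keep a stale count, not only the one behind the reported division by 0. Please add a comment naming the reader that depends on this, or consider validating nb_channels at the point where it is used as a divisor. Style: `break;}` should put the closing brace on its own line.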

A little bit of context would be helpful here. What's using nb_channels 
after av_opt_free was called and where?

