On Wed, Apr 29, 2020 at 05:18:18PM +0200, Nicolas George wrote:
> lance.lmw...@gmail.com (12020-04-29):
> > From: Limin Wang <lance.lmw...@gmail.com>
> > 
> > If an error occurs, avio_get_dyn_buf() will return 0 and buf is NULL, so
> > it's necessary to check the return value for the following code will
> > access the buf pointer with index. In addition, the buf len should be
> > greater than written_len to avoid the buffer overflow access.
> > 
> > Signed-off-by: Limin Wang <lance.lmw...@gmail.com>
> > ---
> >  libavformat/dashenc.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> And if the allocation fails, the data is silently discarded. Seems
> broken. Did you test your change?

Yes, avio_write can process zero len with a NULL pointer, but here it'll use
buf+written_len, so it's an invalid access, I think. So what's broken? Maybe I
haven't caught your point.

> 
> Regards,
> 
> -- 
>   Nicolas George



-- 
Thanks,
Limin Wang