Hi,

The attached patch fixes potential crashes.

Best regards,
Andreas
>From 011296153f6e0e0112803474c41c4afa840a1e6d Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
Date: Sun, 8 Mar 2015 23:07:25 +0100
Subject: [PATCH 2/8] ffmdec: check codec pointer before use

It is only set in the COMM case of the switch statement, but that is not
guaranteed to come before the others.

Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
 libavformat/ffmdec.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c
index 280a24c..af37e74 100644
--- a/libavformat/ffmdec.c
+++ b/libavformat/ffmdec.c
@@ -259,7 +259,7 @@ static int ffm2_read_header(AVFormatContext *s)
     FFMContext *ffm = s->priv_data;
     AVStream *st;
     AVIOContext *pb = s->pb;
-    AVCodecContext *codec;
+    AVCodecContext *codec = NULL;
     int ret;
     int f_main = 0, f_cprv = -1, f_stvi = -1, f_stau = -1;
     AVCodec *enc;
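Review bot: `AVStream *st;` two lines above the changed declaration is still left uninitialized, while `codec` now gets an explicit NULL. If `st` is, like `codec`, assigned only in the COMM case and read in other cases (neither is visible in these hunks), it deserves the same treatment so the two stay consistent: `AVStream *st = NULL;`. The body of ffm2_read_header continues outside this hunk, so this should be confirmed against the full function.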
@@ -325,7 +325,7 @@ static int ffm2_read_header(AVFormatContext *s)
             }
             break;
         case MKBETAG('S', 'T', 'V', 'I'):
-            if (f_stvi++) {
+            if (f_stvi++ || !codec) {
                 ret = AVERROR(EINVAL);
                 goto fail;
             }
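Review bot: The added `!codec` test in the STVI case, and the identical ones in the STAU, CPRV, S2VI and S2AU hunks below, has no comment saying when `codec` can still be NULL, so a later reader may remove it as dead code. A one-line comment above the first check would do, e.g. `/* codec is only assigned by a preceding COMM section */`. The first hunk's context also shows `f_stvi`, `f_stau` and `f_cprv` starting at -1, so `f_stvi++` is already non-zero for a section that arrives before anything resets it. If COMM is what resets them to 0 (not visible here), the pointer test is a second, independent guard, and the commit message should say which input order actually reached the dereference. The switch and the rest of ffm2_read_header lie outside the hunk.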
@@ -375,7 +375,7 @@ static int ffm2_read_header(AVFormatContext *s)
             codec->refs = avio_rb32(pb);
             break;
         case MKBETAG('S', 'T', 'A', 'U'):
-            if (f_stau++) {
+            if (f_stau++ || !codec) {
                 ret = AVERROR(EINVAL);
                 goto fail;
             }
@@ -384,7 +384,7 @@ static int ffm2_read_header(AVFormatContext *s)
             codec->frame_size = avio_rl16(pb);
             break;
         case MKBETAG('C', 'P', 'R', 'V'):
-            if (f_cprv++) {
+            if (f_cprv++ || !codec) {
                 ret = AVERROR(EINVAL);
                 goto fail;
             }
@@ -401,7 +401,7 @@ static int ffm2_read_header(AVFormatContext *s)
             }
             break;
         case MKBETAG('S', '2', 'V', 'I'):
-            if (f_stvi++) {
+            if (f_stvi++ || !codec) {
                 ret = AVERROR(EINVAL);
                 goto fail;
             }
@@ -416,7 +416,7 @@ static int ffm2_read_header(AVFormatContext *s)
                 goto fail;
             break;
         case MKBETAG('S', '2', 'A', 'U'):
-            if (f_stau++) {
+            if (f_stau++ || !codec) {
                 ret = AVERROR(EINVAL);
                 goto fail;
             }
-- 
2.1.4
