On 5/31/2020 10:50 AM, Michael Niedermayer wrote: > Fixes: NULL pointer dereference > Fixes: > 22604/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5667739074297856.fuzz > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavformat/mlvdec.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/libavformat/mlvdec.c b/libavformat/mlvdec.c > index dae13cae53..03aed71024 100644 > --- a/libavformat/mlvdec.c > +++ b/libavformat/mlvdec.c > @@ -393,10 +393,14 @@ static int read_packet(AVFormatContext *avctx, AVPacket > *pkt) > { > MlvContext *mlv = avctx->priv_data; > AVIOContext *pb; > - AVStream *st = avctx->streams[mlv->stream_index]; > + AVStream *st; > int index, ret; > unsigned int size, space; > > + if (!avctx->nb_streams) > + return AVERROR_EOF;
Shouldn't you abort during read_header() instead if no streams are ever allocated? > + > + st = avctx->streams[mlv->stream_index]; > if (mlv->pts >= st->duration) > return AVERROR_EOF; > >
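Review bot: In read_packet(), the new `if (!avctx->nb_streams)` test covers only the zero-stream case, while the lookup that follows is still `avctx->streams[mlv->stream_index]`. Nothing in the visible lines shows stream_index being checked against nb_streams, so a condition such as `mlv->stream_index >= avctx->nb_streams` would cover the empty case and an out-of-range index in one test. Returning AVERROR_EOF here also makes a file with no streams look like a normal end of stream on the first read; if that state is invalid for this demuxer, rejecting it in read_header() with an error, as the reply asks, would keep the check out of the per-packet path. The commit message says only "NULL pointer dereference"; a line stating how read_packet() can be reached with nb_streams == 0 would document why the guard is needed.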