The mlv demuxer supports input split into multiple files; if invalid
data is encountered when parsing one of the subsequent files, that file
is closed. But at this point some index entries belonging to this file
might already have been added. In this case, the read_packet function
might try to use the AVIOContext (which is NULL) to read data which will
of course crash. This commit fixes this.
Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com>
---
As an alternative to patches 1 and 3 one could also just error out if
one of the subsequent files is bad.
libavformat/mlvdec.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavformat/mlvdec.c b/libavformat/mlvdec.c
index 03aed71024..7c7ced7f76 100644
--- a/libavformat/mlvdec.c
+++ b/libavformat/mlvdec.c
@@ -411,6 +411,10 @@ static int read_packet(AVFormatContext *avctx, AVPacket
*pkt)
}
pb = mlv->pb[st->index_entries[index].size];
+ if (!pb) {
+ ret = FFERROR_REDO;
+ goto next_packet;
+ }
avio_seek(pb, st->index_entries[index].pos, SEEK_SET);
avio_skip(pb, 4); // blockType
@@ -439,12 +443,14 @@ static int read_packet(AVFormatContext *avctx, AVPacket
*pkt)
pkt->stream_index = mlv->stream_index;
pkt->pts = mlv->pts;
+ ret = 0;
+next_packet:
mlv->stream_index++;
if (mlv->stream_index == avctx->nb_streams) {
mlv->stream_index = 0;
mlv->pts++;
}
- return 0;
+ return ret;
}
static int read_seek(AVFormatContext *avctx, int stream_index, int64_t
timestamp, int flags)
--
2.20.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
