Andreas Rheinhardt:
> The mlv demuxer supports input split into multiple files; if invalid
> data is encountered when parsing one of the subsequent files, that file
> is closed. But at this point some index entries belonging to this file
> might already have been added. In this case, the read_packet function
> might try to use the AVIOContext (which is NULL) to read data which will
> of course crash. This commit fixes this.
>
> Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com>
> ---
> As an alternative to patches 1 and 3 one could also just error out if
> one of the subsequent files is bad.
>
> libavformat/mlvdec.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/mlvdec.c b/libavformat/mlvdec.c
> index 03aed71024..7c7ced7f76 100644
> --- a/libavformat/mlvdec.c
> +++ b/libavformat/mlvdec.c
> @@ -411,6 +411,10 @@ static int read_packet(AVFormatContext *avctx, AVPacket
> *pkt)
> }
>
> pb = mlv->pb[st->index_entries[index].size];
> + if (!pb) {
> + ret = FFERROR_REDO;
> + goto next_packet;
> + }
> avio_seek(pb, st->index_entries[index].pos, SEEK_SET);
>
> avio_skip(pb, 4); // blockType
> @@ -439,12 +443,14 @@ static int read_packet(AVFormatContext *avctx, AVPacket
> *pkt)
> pkt->stream_index = mlv->stream_index;
> pkt->pts = mlv->pts;
>
> + ret = 0;
> +next_packet:
> mlv->stream_index++;
> if (mlv->stream_index == avctx->nb_streams) {
> mlv->stream_index = 0;
> mlv->pts++;
> }
> - return 0;
> + return ret;
> }
>
> static int read_seek(AVFormatContext *avctx, int stream_index, int64_t
> timestamp, int flags)
>
Will apply this patchset tomorrow unless there are objections.
- Andreas
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
