Re: [FFmpeg-devel] [PATCH] Null check of &s->internal before attempting to free dict and pkt - avoid Null pointer dereference crash

Tue, 08 Jun 2021 10:28:45 -0700 

Andreas Rheinhardt:

In my test case:
  avformat_open_input(pInputContext, ...) returns an error code

Attempts to free the (allocated?) context memory then causes a NULL reference 
exception when accessing &s->internal->id3v2_meta, etc. since &s->internal is 
NULL.
  avformat_free_context(pInputContext)

- Robert.

-----Original Message-----
From: ffmpeg-devel <ffmpeg-devel-boun...@ffmpeg.org> On Behalf Of Andreas 
Rheinhardt
Sent: June 8, 2021 1:21 PM
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH] Null check of &s->internal before 
attempting to free dict and pkt - avoid Null pointer dereference crash

Robert Beyer:
> ---
>  libavformat/utils.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/libavformat/utils.c b/libavformat/utils.c
> index fe8eaa6cb3..73a7d13123 100644
> --- a/libavformat/utils.c
> +++ b/libavformat/utils.c
> @@ -4331,9 +4331,11 @@ void avformat_free_context(AVFormatContext *s)
>      }
>      av_freep(&s->chapters);
>      av_dict_free(&s->metadata);
> -    av_dict_free(&s->internal->id3v2_meta);
> -    av_packet_free(&s->internal->pkt);
> -    av_packet_free(&s->internal->parse_pkt);
> +    if (&s->internal) {
> +        av_dict_free(&s->internal->id3v2_meta);
> +        av_packet_free(&s->internal->pkt);
> +        av_packet_free(&s->internal->parse_pkt);
> +    }
>      av_freep(&s->streams);
>      flush_packet_queue(s);
>      av_freep(&s->internal);
> 
1. Checking for &s->internal is nonsense: If s is not NULL and points to
an AVFormatContext, &s->internal is so, too. You want to check for
s->internal.
2. avformat_alloc_context() (the only function that directly allocates
AVFormatContexts) ensures that every successfully allocated
AVFormatContext has an AVFormatInternal set, so the issue should just
not happen. If it does happen for you, then please provide the necessary
details to reproduce it.

- Andreas
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to