On 1/10/2022 11:30 PM, 13102179...@163.com wrote:
From: Yang Xiao <ysha...@outlook.com>

This commit fixed a crash when seeking wma frames, asf decoder will try to 
demux in function asf_read_pts().
Pointer member side_data of AVPacket that allocated by stack may be wild 
pointer.
Prevent releasing wild pointers in AVPacket when some functions try to call 
av_packet_unref, example av_read_frame().
---
  libavformat/asfdec_f.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c
index a8f36ed286..8cf953830e 100644
--- a/libavformat/asfdec_f.c
+++ b/libavformat/asfdec_f.c
@@ -1433,7 +1433,7 @@ static int64_t asf_read_pts(AVFormatContext *s, int 
stream_index,
  {
      FFFormatContext *const si = ffformatcontext(s);
      ASFContext *asf     = s->priv_data;
-    AVPacket pkt1, *pkt = &pkt1;
+    AVPacket *pkt = av_packet_alloc();

You're not checking pkt for allocation failure, and you're never freeing it after using it, so it will leak.

      ASFStream *asf_st;
      int64_t pts;
      int64_t pos = *ppos;
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to