On 1/10/2022 11:30 PM, 13102179...@163.com wrote:
From: Yang Xiao <ysha...@outlook.com> This commit fixed a crash when seeking wma frames, asf decoder will try to demux in function asf_read_pts(). Pointer member side_data of AVPacket that allocated by stack may be wild pointer. Prevent releasing wild pointers in AVPacket when some functions try to call av_packet_unref, example av_read_frame(). --- libavformat/asfdec_f.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index a8f36ed286..8cf953830e 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -1433,7 +1433,7 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, { FFFormatContext *const si = ffformatcontext(s); ASFContext *asf = s->priv_data; - AVPacket pkt1, *pkt = &pkt1; + AVPacket *pkt = av_packet_alloc();
You're not checking pkt for allocation failure, and you're never freeing it after using it, so it will leak.
ASFStream *asf_st; int64_t pts; int64_t pos = *ppos;
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".