Yang Xiao:
> From: Yang Xiao <ysha...@outlook.com>
>
> This commit fixed a crash when seeking wma frames, asf decoder will try to
> demux in function asf_read_pts().
> Pointer member side_data of AVPacket that allocated by stack may be wild
> pointer.
> Prevent releasing wild pointers in AVPacket when some functions try to call
> av_packet_unref, example av_read_frame().
> ---
> libavformat/asfdec_f.c | 2 +-
> libavformat/mpc.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c
> index a8f36ed286..bae0ecfc7c 100644
> --- a/libavformat/asfdec_f.c
> +++ b/libavformat/asfdec_f.c
> @@ -1433,7 +1433,7 @@ static int64_t asf_read_pts(AVFormatContext *s, int
> stream_index,
> {
> FFFormatContext *const si = ffformatcontext(s);
> ASFContext *asf = s->priv_data;
> - AVPacket pkt1, *pkt = &pkt1;
> + AVPacket pkt1 = {0}, *pkt = &pkt1;
> ASFStream *asf_st;
> int64_t pts;
> int64_t pos = *ppos;
> diff --git a/libavformat/mpc.c b/libavformat/mpc.c
> index b5b2bab33c..ad0d693152 100644
> --- a/libavformat/mpc.c
> +++ b/libavformat/mpc.c
> @@ -189,7 +189,7 @@ static int mpc_read_seek(AVFormatContext *s, int
> stream_index, int64_t timestamp
> AVStream *st = s->streams[stream_index];
> FFStream *const sti = ffstream(st);
> MPCContext *c = s->priv_data;
> - AVPacket pkt1, *pkt = &pkt1;
> + AVPacket pkt1 = {0}, *pkt = &pkt1;
> int ret;
> int index = av_index_search_timestamp(st, FFMAX(timestamp -
> DELAY_FRAMES, 0), flags);
> uint32_t lastframe;
>
Do you have FF_API_INIT_PACKET set to 0 (it should still be set to 1)?
Because av_read_frame() is supposed to (and documented to) treat the
packet it is given as uninitialized.
- Andreas
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
