This might happen in avio_write() if size == 0
when the direct codepath is taken. It is undefined behaviour
according to the spec although it happens to work in practice.
Fixes the webm-webvtt-remux FATE-test under UBSan.
Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
---
libavformat/aviobuf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
index b20b1a611a..5b6a42d7f4 100644
--- a/libavformat/aviobuf.c
+++ b/libavformat/aviobuf.c
@@ -231,6 +231,8 @@ void ffio_fill(AVIOContext *s, int b, int64_t count)
void avio_write(AVIOContext *s, const unsigned char *buf, int size)
{
+ if (size <= 0)
+ return;
if (s->direct && !s->update_checksum) {
avio_flush(s);
writeout(s, buf, size);
@@ -246,7 +248,7 @@ void avio_write(AVIOContext *s, const unsigned char *buf,
int size)
buf += len;
size -= len;
- }
+ } while (size > 0);
}
void avio_flush(AVIOContext *s)
--
2.34.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
