On Fri, 26 Feb 2016 02:38:13 +0100 Michael Niedermayer <mich...@niedermayer.cc> wrote:
> On Fri, Feb 26, 2016 at 12:15:19AM +0100, Reimar Döffinger wrote:
> > We do neither document nor check such a requirement
> > and for application-provided get_buffer2 they could
> > contain the result of a malloc(0) or whatever value
> > they had previously.
> > This fixes a use-after-free in e.g. MPlayer:
> > https://trac.mplayerhq.hu/ticket/2262
> > We might want to consider changing the (documented)
> > API in addition though.
> >
> > Signed-off-by: Reimar Döffinger <reimar.doeffin...@gmx.de>
> > ---
> >  libavcodec/mjpegdec.c | 8 +++++---
> >  1 file changed, 5 insertions(+), 3 deletions(-)
>
> the assumption that unused plane pointers are NULL is more
> widespread than mjpeg i think
>
> also, is it really a good idea to leave stale pointers in the array?
>
> [...]

Unfortunately I have to agree. I got some crashes in libavfilter when I didn't set some "unused" plane pointers to NULL. Some code is just lazy and checks plane pointers for NULL, instead of retrieving the proper plane count.
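The failure mode discussed in this thread, as an added example that is not part of any message above and is not FFmpeg code: a consumer that counts planes by looking for NULL over-reads when an allocator leaves old pointers in unused slots. The `struct frame`, `NUM_PTRS` and all function names are hypothetical stand-ins, and the buffers are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_PTRS 4 /* constructed stand-in for the size of a frame's data[] */

/* Simplified frame for illustration; not FFmpeg's AVFrame. */
struct frame {
    uint8_t *data[NUM_PTRS];
    int nb_planes; /* assumed: plane count derived from the pixel format */
};

/* Lazy consumer: treats the first NULL pointer as the end of the planes. */
static int planes_by_null(const struct frame *f)
{
    int n = 0;
    while (n < NUM_PTRS && f->data[n])
        n++;
    return n;
}

/* Allocator that sets only the planes it needs, like an application
 * callback that leaves the other data[] slots at their previous values. */
static void alloc_gray(struct frame *f, uint8_t *luma, int clear_unused)
{
    f->data[0] = luma;
    f->nb_planes = 1;
    for (int i = 1; clear_unused && i < NUM_PTRS; i++)
        f->data[i] = NULL;
}

/* Reuses a frame that last held three planes for a one-plane format and
 * returns how many planes the lazy consumer would then touch. */
static int lazy_count_after_reuse(int clear_unused)
{
    /* Static buffers keep the demo memory-safe; in the reported case the
     * leftover pointers could refer to freed memory. */
    static uint8_t old_u[16], old_v[16], luma[64];
    struct frame f = { { NULL, old_u, old_v, NULL }, 3 };
    alloc_gray(&f, luma, clear_unused);
    return planes_by_null(&f);
}

int main(void)
{
    printf("stale slots: lazy=%d, cleared slots: lazy=%d, format says 1\n",
           lazy_count_after_reuse(0), lazy_count_after_reuse(1));
    return 0;
}
```

With stale slots the NULL-terminated walk reports three planes for a one-plane frame; clearing the unused slots, or bounding the walk by the format's plane count, brings it back to one.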