[FFmpeg-devel] Null pointer dereference?

Zubin Mevawalla Tue, 09 May 2017 11:48:26 -0700

I was curious if this is a real null pointer dereference issue?

CodeAi, an automated repair tool being developed at Qbit logic,
suggested an if-guard in libavformat/rtpdec.c on line 796 having seen
a path through the control flow where an array access from `buf`
results in a null pointer dereference. If `bufptr` is NULL, and `len`
>= 12, then `buf` is initialized to NULL and dereferenced on line 796.


diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c
--- a/libavformat/rtpdec.c
+++ b/libavformat/rtpdec.c
@@ -793,8 +793,10 @@ static int rtp_parse_one_packet(RTPDemuxContext
*s, AVPacket *pkt,
     if (len < 12)
         return -1;

-    if ((buf[0] & 0xc0) != (RTP_VERSION << 6))
+    if(buf) {
+        if ((buf[0] & 0xc0) != (RTP_VERSION << 6))
         return -1;
+        }
     if (RTP_PT_IS_RTCP(buf[1])) {
         return rtcp_parse_packet(s, buf, len);
     }

Could I submit this as a patch if it looks alright?

Thanks so much,

Zubin
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] Null pointer dereference?

Reply via email to