[FFmpeg-devel] [libav-devel] [PATCH 3/4] dds: make sure palette frame buffer exists before use
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Wed Nov 11 20:29:52 CET 2015
On 11.11.2015 12:28, Vittorio Giovara wrote:
> On Wed, Nov 11, 2015 at 1:16 AM, Andreas Cadhalpun
> <andreas.cadhalpun at googlemail.com> wrote:
>> Otherwise it causes a NULL pointer dereference of frame->data[1].
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>> libavcodec/dds.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/libavcodec/dds.c b/libavcodec/dds.c
>> index c918cf0..fe36709 100644
>> --- a/libavcodec/dds.c
>> +++ b/libavcodec/dds.c
>> @@ -662,6 +662,11 @@ static int dds_decode(AVCodecContext *avctx, void *data,
>>
>> if (ctx->paletted) {
>> int i;
>> + if (!frame->data[1]) {
>> + av_log(avctx, AV_LOG_ERROR,
>> + "Palette frame buffer is not allocated.\n");
>> + return AVERROR_INVALIDDATA;
>> + }
>> /* Use the first 1024 bytes as palette, then copy the rest. */
>> bytestream2_get_buffer(gbc, frame->data[1], 256 * 4);
>> for (i = 0; i < 256; i++)
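Review bot: the new `if (!frame->data[1])` test sits directly in front of the `bytestream2_get_buffer(gbc, frame->data[1], 256 * 4)` call, so it catches the symptom at the point of use without recording which input leaves the palette plane unset while `ctx->paletted` is true. A comment above the check naming that condition would help, and so would a log message that describes the inconsistent input rather than the internal state: "Palette frame buffer is not allocated." paired with AVERROR_INVALIDDATA tells the user little about what is wrong with the file. If the mismatch can be detected before the frame is obtained, rejecting it there keeps the decoder from doing work on a file it is going to refuse, and this late NULL test could then be dropped or kept only as a defensive check.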
>
> how can this happen?

That's best described with code:

    if (!ctx->compressed && ctx->paletted &&
        !(av_pix_fmt_desc_get(avctx->pix_fmt)->flags & (AV_PIX_FMT_FLAG_PAL | AV_PIX_FMT_FLAG_PSEUDOPAL)))

Attached is a patch using this expression to check for the problem.

Best regards,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dds-validate-palette-pixel-format.patch
Type: text/x-diff
Size: 1190 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20151111/98da8982/attachment.patch>