[FFmpeg-devel] [PATCH] sbgdec: prevent NULL pointer access
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Wed Nov 23 01:37:00 EET 2016
On 23.11.2016 00:01, Josh de Kock wrote:
> On 22/11/2016 22:22, Andreas Cadhalpun wrote:
>> On 10.11.2016 22:24, Andreas Cadhalpun wrote:
>>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>>> ---
>>> libavformat/sbgdec.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c
>>> index bb020d7..cbedd12 100644
>>> --- a/libavformat/sbgdec.c
>>> +++ b/libavformat/sbgdec.c
>>> @@ -927,7 +927,7 @@ static void expand_timestamps(void *log, struct sbg_script *s)
>>> }
>>> }
>>> if (s->start_ts == AV_NOPTS_VALUE)
>>> - s->start_ts = s->opt_start_at_first ? s->tseq[0].ts.t : now;
>>> + s->start_ts = (s->opt_start_at_first && s->tseq) ? s->tseq[0].ts.t : now;
>>> s->end_ts = s->opt_duration ? s->start_ts + s->opt_duration :
>>> AV_NOPTS_VALUE; /* may be overridden later by -E option */
>>> cur_ts = now;
>>>
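Review bot: on the changed `s->start_ts` line, the new `s->tseq` test makes a script with `opt_start_at_first` set but no time sequence fall back to `now` silently, and nothing in the hunk or the commit message says when `tseq` can be NULL. I would add a short comment above the assignment stating that `tseq` is unallocated when no time sequence was parsed, and consider reporting the ignored option through the `log` argument that `expand_timestamps` already receives. The hunk shows only this one access, so it is worth confirming that no later `s->tseq[...]` use in the function relies on the array being non-NULL, and putting the reproduction (ffprobe on the sample) in the commit message.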
>>
>> Ping. It would be good to have this fixed in 3.2.1.
>>
>
> I don't see how s->tseq can be NULL unless the functions are externally invoked without
> a proper state (which they shouldn't be because they're static).
It happens with simply using ffprobe on the sample.
The problem is that tseq is only allocated in parse_time_sequence, but
that function is not necessarily called.
Best regards,
Andreas