[FFmpeg-devel] [PATCH] avfilter/af_pan: fix null pointer dereference on empty token
Nicolas George
george at nsup.org
Sun Feb 5 11:23:35 EET 2017
Le septidi 17 pluviôse, an CCXXV, Marton Balint a écrit :
> Fixes Coverity CID 1396254.
>
> Signed-off-by: Marton Balint <cus at passwd.hu>
> ---
> libavfilter/af_pan.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
> index 94f1587..00eef2b 100644
> --- a/libavfilter/af_pan.c
> +++ b/libavfilter/af_pan.c
> @@ -115,6 +115,11 @@ static av_cold int init(AVFilterContext *ctx)
> if (!args)
> return AVERROR(ENOMEM);
> arg = av_strtok(args, "|", &tokenizer);
> + if (!arg) {
> + av_log(ctx, AV_LOG_ERROR, "Cannot tokenize argument\n");
> + ret = AVERROR(EINVAL);
> + goto fail;
> + }
Thanks for catching this. The fix seems correct. The error message, on
the other hand, is not good: it is meant for users but does not tell
them anything.
If I read the code correctly, this can only be triggered if the argument
to pan contains only the delimiter character. Something like "channel
layout not specified" would be more useful.
> ret = ff_parse_channel_layout(&pan->out_channel_layout,
> &pan->nb_output_channels, arg, ctx);
> if (ret < 0)
Regards,
--
Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20170205/e0d30957/attachment.sig>
More information about the ffmpeg-devel
mailing list