[FFmpeg-devel] [PATCH 1/2] backport NULL pointer dereference fix / CVE-2019-17539 / 15733 clusterfuzz
James Boyle
jboyle at quotient-inc.com
Thu Nov 14 22:01:29 EET 2019
Hello,
This patch is nearly identical to commit
8df6884832ec413cf032dfaa45c23b1c7876670c, but is intended to backport
the fix for CVE-2019-17539 to ffmpeg version 3.4.6, which is in use on
RHEL 7 systems that get ffmpeg from rpmfusion.
https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c
---
libavcodec/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index ec03bdc..18b66d4 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -1112,7 +1112,7 @@ end:
return ret;
free_and_end:
- if (avctx->codec &&
+ if (avctx->codec && avctx->codec->close &&
(avctx->codec->caps_internal & FF_CODEC_CAP_INIT_CLEANUP))
avctx->codec->close(avctx);
--
2.21.0
Thanks,
--James
More information about the ffmpeg-devel
mailing list