[FFmpeg-devel] [PATCH 1/5] avformat/dashenc: fix invalid pointer access if avio_get_dyn_buf failed
lance.lmwang at gmail.com
lance.lmwang at gmail.com
Wed Apr 29 18:14:13 EEST 2020
From: Limin Wang <lance.lmwang at gmail.com>
If an error occurs, avio_get_dyn_buf() will return 0 and buf is NULL, so it's necessary to check
the return value for the following code will access the buf pointer with index. In addition,
the buf len should be greater than written_len to avoid the buffer overflow access.
Signed-off-by: Limin Wang <lance.lmwang at gmail.com>
---
libavformat/dashenc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/dashenc.c b/libavformat/dashenc.c
index 9f83785792..99fb7d67af 100644
--- a/libavformat/dashenc.c
+++ b/libavformat/dashenc.c
@@ -2260,7 +2260,7 @@ static int dash_write_packet(AVFormatContext *s, AVPacket *pkt)
uint8_t *buf = NULL;
avio_flush(os->ctx->pb);
len = avio_get_dyn_buf (os->ctx->pb, &buf);
- if (os->out) {
+ if (os->out && len > os->written_len) {
avio_write(os->out, buf + os->written_len, len - os->written_len);
avio_flush(os->out);
}
--
2.21.0
More information about the ffmpeg-devel
mailing list