[FFmpeg-devel] [PATCH 1/5] avformat/dashenc: fix invalid pointer access if avio_get_dyn_buf failed
Limin Wang
lance.lmwang at gmail.com
Wed Apr 29 18:27:02 EEST 2020
On Wed, Apr 29, 2020 at 05:18:18PM +0200, Nicolas George wrote:
> lance.lmwang at gmail.com (12020-04-29):
> > From: Limin Wang <lance.lmwang at gmail.com>
> >
> > If an error occurs, avio_get_dyn_buf() will return 0 and buf is NULL, so it's necessary to check
> > the return value for the following code will access the buf pointer with index. In addition,
> > the buf len should be greater than written_len to avoid the buffer overflow access.
> >
> > Signed-off-by: Limin Wang <lance.lmwang at gmail.com>
> > ---
> > libavformat/dashenc.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> And if the allocation fails, the data is silently discarded. Seems
> broken. Did you test your change?
yes, avio_write can process zero len with NULL pointer, but here it'll use buf+written_len, so
it's invalid access I think. So what's the broken? Maybe I haven't catch your point.
>
> Regards,
>
> --
> Nicolas George
--
Thanks,
Limin Wang
More information about the ffmpeg-devel
mailing list