[FFmpeg-devel] [PATCH] avformat/utils: fix undefined behaviour
James Almer
jamrial at gmail.com
Sun Feb 14 23:28:01 EET 2021
On 2/14/2021 6:23 PM, Andreas Rheinhardt wrote:
> James Almer:
>> On 2/14/2021 6:09 PM, Paul B Mahol wrote:
>>> Fixes following report:
>>> libavformat/utils.c:1429:14: runtime error: applying zero offset to
>>> null pointer
>>
>> How is data NULL here? That's the input packet's data pointer, and this
>> loop is accessed only if size is > 0. data == NULL and size != 0 doesn't
>> sound valid. Or am i missing something?
>
> Flushing.
A flush packet with data == NULL and size != 0? ff_read_packet(), called
before the flush attempt, initializes the packet to defaults. So if it
returns < 1, shouldn't the packet remain clean?
>
>>
>> Try compiling with assert level set to 1, see if you get an assertion
>> failure on avpacket helpers.
>>
>>> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
>>> libavformat/utils.c:1429:14
>>>
>>> Signed-off-by: Paul B Mahol <onemda at gmail.com>
>>> ---
>>> libavformat/utils.c | 6 ++++--
>>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/libavformat/utils.c b/libavformat/utils.c
>>> index 3e955b85bc..e4f100fda2 100644
>>> --- a/libavformat/utils.c
>>> +++ b/libavformat/utils.c
>>> @@ -1426,8 +1426,10 @@ static int parse_packet(AVFormatContext *s,
>>> AVPacket *pkt,
>>> pkt->pts = pkt->dts = AV_NOPTS_VALUE;
>>> pkt->pos = -1;
>>> /* increment read pointer */
>>> - data += len;
>>> - size -= len;
>>> + if (len > 0) {
>>> + data += len;
>>> + size -= len;
>>> + }
>>> got_output = !!out_pkt.size;
>>>
>>
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel at ffmpeg.org
>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>
>> To unsubscribe, visit link above, or email
>> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
More information about the ffmpeg-devel
mailing list