[FFmpeg-devel] [PATCH v2] avformat/nutdec: Add check for avformat_new_stream
Jiasheng Jiang
jiasheng at iscas.ac.cn
Wed Feb 16 10:40:16 EET 2022
As the potential failure of the memory allocation,
the avformat_new_stream() could return NULL pointer.
Therefore, it should be better to check it and return
error if fails.
Also, the caller, nut_read_header(), needs to deal with
the return value of the decode_main_header() and return
error if memory allocation fails.
To avoid mishandling the invalid 'time_base_count', another
check for the 'time_base_count' is needed and return different
error if fails.
Fixes: 619d8e2e58 ("updating nut demuxer to latest spec no muxing yet no index yet no seeking yet libnuts crcs dont match mine (didnt investigate yet) samplerate is stored wrong by libnut (demuxer has a workaround) code is not clean or beautifull yet, but i thought its better to commit early before someone unneccesarily wastes his time duplicating the work demuxer split from muxer")
Signed-off-by: Jiasheng Jiang <jiasheng at iscas.ac.cn>
---
Changelog:
v1 -> v2
* Change 1. Add the error handling for ENOMEM from decode_main_header()
in nut_read_header().
* Change 2. Check for the 'time_base_count'.
---
libavformat/nutdec.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 0a8a700acf..4cbccb20d9 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -220,6 +220,10 @@ static int decode_main_header(NUTContext *nut)
}
GET_V(nut->time_base_count, tmp > 0 && tmp < INT_MAX / sizeof(AVRational) && tmp < length/2);
+
+ if (nut->time_base_count > NUT_MAX_STREAMS)
+ return AVERROR_INVALIDDATA;
+
nut->time_base = av_malloc_array(nut->time_base_count, sizeof(AVRational));
if (!nut->time_base)
return AVERROR(ENOMEM);
@@ -351,8 +355,13 @@ static int decode_main_header(NUTContext *nut)
ret = AVERROR(ENOMEM);
goto fail;
}
- for (i = 0; i < stream_count; i++)
- avformat_new_stream(s, NULL);
+ for (i = 0; i < stream_count; i++) {
+ if (!avformat_new_stream(s, NULL)) {
+ av_free(nut->stream);
+ ret = AVERROR(ENOMEM);
+ goto fail;
+ }
+ }
return 0;
fail:
@@ -800,19 +809,23 @@ static int nut_read_header(AVFormatContext *s)
NUTContext *nut = s->priv_data;
AVIOContext *bc = s->pb;
int64_t pos;
- int initialized_stream_count;
+ int initialized_stream_count, ret;
nut->avf = s;
/* main header */
pos = 0;
+ ret = 0;
do {
+ if (ret == AVERROR(ENOMEM))
+ return ret;
+
pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
if (pos < 0 + 1) {
av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
return AVERROR_INVALIDDATA;
}
- } while (decode_main_header(nut) < 0);
+ } while ((ret = decode_main_header(nut)) < 0);
/* stream headers */
pos = 0;
--
2.25.1
More information about the ffmpeg-devel
mailing list