[FFmpeg-devel] [PATCH] avformat/mpegts: Reset local nb_prg on add_program() failure
Michael Niedermayer
michael at niedermayer.cc
Sun Mar 10 20:07:19 EET 2024
add_program() will deallocate the whole array on failure so
we must clear nb_prgs
Fixes: null pointer dereference
Fixes: crash-35a3b39ddcc5babeeb005b7399a3a1217c8781bc
Found-by: Catena cyber
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavformat/mpegts.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
index de7a3c8b45..320926248b 100644
--- a/libavformat/mpegts.c
+++ b/libavformat/mpegts.c
@@ -2605,7 +2605,8 @@ static void pat_cb(MpegTSFilter *filter, const uint8_t *section, int section_len
FFSWAP(struct Program, ts->prg[nb_prg], ts->prg[prg_idx]);
if (prg_idx >= nb_prg)
nb_prg++;
- }
+ } else
+ nb_prg = 0;
}
}
ts->nb_prg = nb_prg;
--
2.17.1
More information about the ffmpeg-devel
mailing list