diff mbox

[FFmpeg-devel] mxfdec: fix NULL pointer dereference in mxf_read_packet_old

Message ID 2b756808-5aac-1eac-70a6-250af5ccd1f6@googlemail.com
State Accepted
Commit fdb8c455b637f86e2e85503b7e090fa448164398
Headers show

Commit Message

Andreas Cadhalpun Nov. 17, 2016, 9:55 p.m. UTC 
Metadata streams have priv_data set to NULL.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/mxfdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Andreas Cadhalpun Nov. 22, 2016, 10:43 p.m. UTC | #1 
On 17.11.2016 22:55, Andreas Cadhalpun wrote:
> Metadata streams have priv_data set to NULL.
> 
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> ---
>  libavformat/mxfdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index a1a79ce..2ad0c28 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -3135,7 +3135,7 @@ static int mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt)
>                  if (mxf->nb_index_tables >= 1 && mxf->current_edit_unit < t->nb_ptses) {
>                      pkt->dts = mxf->current_edit_unit + t->first_dts;
>                      pkt->pts = t->ptses[mxf->current_edit_unit];
> -                } else if (track->intra_only) {
> +                } else if (track && track->intra_only) {
>                      /* intra-only -> PTS = EditUnit.
>                       * let utils.c figure out DTS since it can be < PTS if low_delay = 0 (Sony IMX30) */
>                      pkt->pts = mxf->current_edit_unit;
> 

Ping. It would be good to have this fixed in 3.2.1.

Best regards,
Andreas
Josh Dekker Nov. 22, 2016, 10:50 p.m. UTC | #2 
On 22/11/2016 22:43, Andreas Cadhalpun wrote:
> On 17.11.2016 22:55, Andreas Cadhalpun wrote:
>> Metadata streams have priv_data set to NULL.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
>> ---
>>  libavformat/mxfdec.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
>> index a1a79ce..2ad0c28 100644
>> --- a/libavformat/mxfdec.c
>> +++ b/libavformat/mxfdec.c
>> @@ -3135,7 +3135,7 @@ static int mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt)
>>                  if (mxf->nb_index_tables >= 1 && mxf->current_edit_unit < t->nb_ptses) {
>>                      pkt->dts = mxf->current_edit_unit + t->first_dts;
>>                      pkt->pts = t->ptses[mxf->current_edit_unit];
>> -                } else if (track->intra_only) {
>> +                } else if (track && track->intra_only) {
>>                      /* intra-only -> PTS = EditUnit.
>>                       * let utils.c figure out DTS since it can be < PTS if low_delay = 0 (Sony IMX30) */
>>                      pkt->pts = mxf->current_edit_unit;
>>
>
> Ping. It would be good to have this fixed in 3.2.1.
>
> Best regards,
> Andreas

LGTM.
Andreas Cadhalpun Nov. 22, 2016, 11:42 p.m. UTC | #3 
On 22.11.2016 23:50, Josh de Kock wrote:
> On 22/11/2016 22:43, Andreas Cadhalpun wrote:
>> On 17.11.2016 22:55, Andreas Cadhalpun wrote:
>>> Metadata streams have priv_data set to NULL.
>>>
>>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
>>> ---
>>>  libavformat/mxfdec.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
>>> index a1a79ce..2ad0c28 100644
>>> --- a/libavformat/mxfdec.c
>>> +++ b/libavformat/mxfdec.c
>>> @@ -3135,7 +3135,7 @@ static int mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt)
>>>                  if (mxf->nb_index_tables >= 1 && mxf->current_edit_unit < t->nb_ptses) {
>>>                      pkt->dts = mxf->current_edit_unit + t->first_dts;
>>>                      pkt->pts = t->ptses[mxf->current_edit_unit];
>>> -                } else if (track->intra_only) {
>>> +                } else if (track && track->intra_only) {
>>>                      /* intra-only -> PTS = EditUnit.
>>>                       * let utils.c figure out DTS since it can be < PTS if low_delay = 0 (Sony IMX30) */
>>>                      pkt->pts = mxf->current_edit_unit;
>>>
>>
>> Ping. It would be good to have this fixed in 3.2.1.
>>
>> Best regards,
>> Andreas
> 
> LGTM.

Pushed.

Best regards,
Andreas
Marton Balint May 30, 2018, 9:26 p.m. UTC | #4 
On Thu, 17 Nov 2016, Andreas Cadhalpun wrote:

> Metadata streams have priv_data set to NULL.
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> ---
> libavformat/mxfdec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index a1a79ce..2ad0c28 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -3135,7 +3135,7 @@ static int mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt)
>                 if (mxf->nb_index_tables >= 1 && mxf->current_edit_unit < t->nb_ptses) {
>                     pkt->dts = mxf->current_edit_unit + t->first_dts;
>                     pkt->pts = t->ptses[mxf->current_edit_unit];
> -                } else if (track->intra_only) {
> +                } else if (track && track->intra_only) {
>                     /* intra-only -> PTS = EditUnit.
>                      * let utils.c figure out DTS since it can be < PTS if low_delay = 0 (Sony IMX30) */
>                     pkt->pts = mxf->current_edit_unit;

Was this patch really necessary? Because as far as I see, metadata streams 
(which have priv_data set to NULL) always have a AVMEDIA_TYPE_DATA 
st->codecpar->codec_type, and since this code calculates video pts, it 
never encounters a NULL track.

So is it OK to revert?

Thanks,
Marton
Tomas Härdin June 5, 2018, 8:25 a.m. UTC | #5 
ons 2018-05-30 klockan 23:26 +0200 skrev Marton Balint:
> 
> On Thu, 17 Nov 2016, Andreas Cadhalpun wrote:
> 
> > Metadata streams have priv_data set to NULL.
> > 
> > > > Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> > ---
> > libavformat/mxfdec.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index a1a79ce..2ad0c28 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -3135,7 +3135,7 @@ static int mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt)
> >                 if (mxf->nb_index_tables >= 1 && mxf->current_edit_unit < t->nb_ptses) {
> >                     pkt->dts = mxf->current_edit_unit + t->first_dts;
> >                     pkt->pts = t->ptses[mxf->current_edit_unit];
> > -                } else if (track->intra_only) {
> > +                } else if (track && track->intra_only) {
> >                     /* intra-only -> PTS = EditUnit.
> >                      * let utils.c figure out DTS since it can be < PTS if low_delay = 0 (Sony IMX30) */
> >                     pkt->pts = mxf->current_edit_unit;
> 
> Was this patch really necessary? Because as far as I see, metadata streams 
> (which have priv_data set to NULL) always have a AVMEDIA_TYPE_DATA 
> st->codecpar->codec_type, and since this code calculates video pts, it 
> never encounters a NULL track.
> 
> So is it OK to revert?

Maybe? It doesn't really hurt, but it also makes it seem like track can be NULL

I really want static analysis on code like this...

/Tomas
diff mbox

Patch

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index a1a79ce..2ad0c28 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -3135,7 +3135,7 @@  static int mxf_read_packet_old(AVFormatContext *s, AVPacket *pkt)
                 if (mxf->nb_index_tables >= 1 && mxf->current_edit_unit < t->nb_ptses) {
                     pkt->dts = mxf->current_edit_unit + t->first_dts;
                     pkt->pts = t->ptses[mxf->current_edit_unit];
-                } else if (track->intra_only) {
+                } else if (track && track->intra_only) {
                     /* intra-only -> PTS = EditUnit.
                      * let utils.c figure out DTS since it can be < PTS if low_delay = 0 (Sony IMX30) */
                     pkt->pts = mxf->current_edit_unit;