[FFmpeg-devel] lavf/nutenc: Do not call memcmp() with NULL argument

Submitted by Carl Eugen Hoyos on June 30, 2019, 11:12 p.m.

Details

Message ID CAB0OVGope5D1RtGuFW6zBa82_5mJ+erAkUgx+yQEnfDfAJmX6w@mail.gmail.com
State New

Commit Message

Carl Eugen Hoyos June 30, 2019, 11:12 p.m.
Hi!

Undefined behaviour was reported in ticket #7981, attached patch tries
to fix it.

Please review, Carl Eugen

Comments

Carl Eugen Hoyos June 30, 2019, 11:12 p.m.
On Mon, 1 July 2019 at 01:12, Carl Eugen Hoyos <ceffmpeg@gmail.com> wrote:
>
> Hi!
>
> Undefined behaviour was reported in ticket #7981, attached patch tries

Actually #7980.

> to fix it.
>
> Please review, Carl Eugen

Reimar Döffinger July 2, 2019, 6:29 a.m.
On 01.07.2019, at 01:12, Carl Eugen Hoyos <ceffmpeg@gmail.com> wrote:
> Undefined behaviour was reported in ticket #7981, attached patch tries
> to fix it.

I suspect it makes more sense to check header_len against 0?
And is the NULL pointer really undefined behaviour even if length is 0?

Michael Niedermayer July 2, 2019, 8:49 a.m.
On Tue, Jul 02, 2019 at 08:29:34AM +0200, Reimar Döffinger wrote:
> On 01.07.2019, at 01:12, Carl Eugen Hoyos <ceffmpeg@gmail.com> wrote:
> > Undefined behaviour was reported in ticket #7981, attached patch tries
> > to fix it.
> 
> I suspect it makes more sense to check header_len against 0?

I suggest checking fc->header_idx against 0 because it's simpler, no
array dereference; would have said that yesterday had my ISP functioned


> And is the NULL pointer really undefined behaviour even if length is 0?

AFAIK yes. (If that's not so, a lot of people would have said wrong things.)
I didn't double check it with the spec though now

thx

[...]
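
Added example, not part of the thread or of FFmpeg's code: a stand-alone C model of the three guards proposed above (pointer, header_len, header_idx), each of which keeps memcmp() from receiving a NULL pointer, something C11 7.24.1p2 leaves undefined even when the length is 0. The two-entry header table, the sample packets and the helper names are constructed for illustration, and the table assumes slot 0 is the only empty (NULL, length 0) entry.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for nut->header[] / nut->header_len[]: slot 0 is
 * assumed to mean "no header" (NULL pointer, length 0). */
static const uint8_t hdr1[] = { 0x00, 0x00, 0x01 };
static const uint8_t *const header[]     = { NULL, hdr1 };
static const size_t         header_len[] = { 0, sizeof(hdr1) };

/* Constructed sample packets: one starts with hdr1, one does not. */
static const uint8_t pkt_match[] = { 0x00, 0x00, 0x01, 0x42 };
static const uint8_t pkt_other[] = { 0xff, 0x00, 0x01, 0x42 };

enum guard { GUARD_PTR, GUARD_LEN, GUARD_IDX };

/* Returns 1 when the packet does not start with header[idx], else 0.
 * memcmp() is reached only if the chosen guard reports a header. */
static int header_mismatch(const uint8_t *data, size_t size,
                           unsigned idx, enum guard g)
{
    int have_header;

    if (size < header_len[idx])
        return 1;
    switch (g) {
    case GUARD_PTR: have_header = header[idx] != NULL;  break; /* the patch */
    case GUARD_LEN: have_header = header_len[idx] != 0; break; /* length test */
    default:        have_header = idx != 0;             break; /* index test */
    }
    return have_header && memcmp(data, header[idx], header_len[idx]) != 0;
}

/* Number of cases in which the three guards give different answers. */
static int guards_disagree(void)
{
    const uint8_t *pkts[] = { pkt_match, pkt_other };
    int diffs = 0;

    for (unsigned p = 0; p < 2; p++)
        for (unsigned idx = 0; idx < 2; idx++) {
            int a = header_mismatch(pkts[p], 4, idx, GUARD_PTR);
            diffs += a != header_mismatch(pkts[p], 4, idx, GUARD_LEN);
            diffs += a != header_mismatch(pkts[p], 4, idx, GUARD_IDX);
        }
    return diffs;
}

int main(void) { return guards_disagree(); }
```

The guards agree only while every NULL entry also has length 0 and index 0; a table that breaks that invariant would make the length and index tests reach memcmp() with a NULL pointer.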

Patch

From d77386d4a18d6d749d15516b5eb6df90507bf1eb Mon Sep 17 00:00:00 2001
From: Carl Eugen Hoyos <ceffmpeg@gmail.com>
Date: Mon, 1 Jul 2019 01:09:19 +0200
Subject: [PATCH] lavf/nutenc: Do not call memcmp() with NULL argument.

Reported in ticket #7981
---
 libavformat/nutenc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/nutenc.c b/libavformat/nutenc.c
index e9a3bb49db..a3a097aacc 100644
--- a/libavformat/nutenc.c
+++ b/libavformat/nutenc.c
@@ -791,6 +791,7 @@  static int get_needed_flags(NUTContext *nut, StreamContext *nus, FrameCode *fc,
         flags |= FLAG_CHECKSUM;
     if (pkt->size < nut->header_len[fc->header_idx] ||
         (pkt->size > 4096 && fc->header_idx)        ||
+        nut->header[fc->header_idx] &&
         memcmp(pkt->data, nut->header[fc->header_idx],
                nut->header_len[fc->header_idx]))
         flags |= FLAG_HEADER_IDX;
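
Review bot: the added `nut->header[fc->header_idx] &&` line joins an `||` chain without parentheses. Because `&&` binds tighter than `||`, it does guard only the memcmp() call as intended, but the mixed operators are easy to misread and draw a "suggest parentheses around '&&' within '||'" warning from GCC, so wrap the guard and the memcmp() call in their own parentheses. `fc->header_idx` is already tested on the preceding line, so testing it (or `nut->header_len[fc->header_idx]`) instead of the pointer, as proposed in the replies, would avoid the extra array dereference. The commit message also cites ticket #7981, which the follow-up mail corrects to #7980; update it before pushing.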
-- 
2.22.0