Message ID | 1511745174-22013-1-git-send-email-bianpan2016@163.com |
---|---|
State | New |
On 27 November 2017 at 01:12, Pan Bian <bianpan2016@163.com> wrote: > The function avformat_alloc_context() will return a NULL pointer on > failure. However, in function read_ffserver_streams(), its return value > is not validated and the subsequent dereference may result in a bad > memory access bug. Check its return value against NULL and avoid > potential NULL dereference. > > Signed-off-by: Pan Bian <bianpan2016@163.com> > --- > fftools/ffmpeg_opt.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c > index 9445a2d..7e51c5a 100644 > --- a/fftools/ffmpeg_opt.c > +++ b/fftools/ffmpeg_opt.c > @@ -2000,6 +2000,8 @@ static int read_ffserver_streams(OptionsContext *o, > AVFormatContext *s, const ch > { > int i, err; > AVFormatContext *ic = avformat_alloc_context(); > + if (!ic) > + return AVERROR(ENOMEM); > > ic->interrupt_callback = int_cb; > err = avformat_open_input(&ic, filename, NULL, NULL); > -- > 1.9.1 > > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel >

Pointless as ffserver's getting removed in a day or two
On Mon, Nov 27, 2017 at 01:23:24AM +0000, Rostislav Pehlivanov wrote: > On 27 November 2017 at 01:12, Pan Bian <bianpan2016@163.com> wrote: > > > The function avformat_alloc_context() will return a NULL pointer on > > failure. However, in function read_ffserver_streams(), its return value > > is not validated and the subsequent dereference may result in a bad > > memory access bug. Check its return value against NULL and avoid > > potential NULL dereference. > > > > Signed-off-by: Pan Bian <bianpan2016@163.com> > > --- > > fftools/ffmpeg_opt.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c > > index 9445a2d..7e51c5a 100644 > > --- a/fftools/ffmpeg_opt.c > > +++ b/fftools/ffmpeg_opt.c > > @@ -2000,6 +2000,8 @@ static int read_ffserver_streams(OptionsContext *o, > > AVFormatContext *s, const ch > > { > > int i, err; > > AVFormatContext *ic = avformat_alloc_context(); > > + if (!ic) > > + return AVERROR(ENOMEM); > > > > ic->interrupt_callback = int_cb; > > err = avformat_open_input(&ic, filename, NULL, NULL); > > -- > > 1.9.1 > > > > > > _______________________________________________ > > ffmpeg-devel mailing list > > ffmpeg-devel@ffmpeg.org > > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > > > Pointless as ffserver's getting removed in a day or two

Will apply anyway. If it's removed, it will have one bug less in the last revision, which anyone who wanted to use it or wanted to work on it would start with. [...]
diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c index 9445a2d..7e51c5a 100644 --- a/fftools/ffmpeg_opt.c +++ b/fftools/ffmpeg_opt.c @@ -2000,6 +2000,8 @@ static int read_ffserver_streams(OptionsContext *o, AVFormatContext *s, const ch { int i, err; AVFormatContext *ic = avformat_alloc_context(); + if (!ic) + return AVERROR(ENOMEM); ic->interrupt_callback = int_cb; err = avformat_open_input(&ic, filename, NULL, NULL);
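Review bot: the new "if (!ic) return AVERROR(ENOMEM);" in read_ffserver_streams() only helps if every call site checks this function's return value, so please confirm that the callers treat a negative result as fatal; otherwise the allocation failure is detected here and then silently dropped. The early return itself needs no cleanup, since in the visible lines avformat_alloc_context() is the first allocation in the function. As a minor style point, a blank line between the declarations and the new check would keep the declaration block separate, the same way a blank line precedes "ic->interrupt_callback = int_cb;".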
The function avformat_alloc_context() will return a NULL pointer on failure. However, in function read_ffserver_streams(), its return value is not validated and the subsequent dereference may result in a bad memory access bug. Check its return value against NULL and avoid potential NULL dereference. Signed-off-by: Pan Bian <bianpan2016@163.com> --- fftools/ffmpeg_opt.c | 2 ++ 1 file changed, 2 insertions(+)