From patchwork Tue Jul 21 02:12:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 21210 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 81D6244B6A8 for ; Tue, 21 Jul 2020 05:12:44 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 6B58368BAF3; Tue, 21 Jul 2020 05:12:44 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ed1-f68.google.com (mail-ed1-f68.google.com [209.85.208.68]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 386C268BAC7 for ; Tue, 21 Jul 2020 05:12:36 +0300 (EEST) Received: by mail-ed1-f68.google.com with SMTP id n2so14174967edr.5 for ; Mon, 20 Jul 2020 19:12:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=DCoR2wtPXpDrs/d/W/B4el1vh/l6zEekD6hp0mqSxRs=; b=tvNOAvpxB9k0n7VKcDH8yju3BW/mc5at531f7ib0kDDBM+Quc3t6JkCkpVMvEKWPqc I/L3AflEpjRLQmPkMZ8ityhd4GsKMi+z3zquE6PX69iU7fpbyu0bZa7UEUnQdx29Pz0T AMoPOLkYHIjYxSkKuKHq6V4oeN0LaVJa6IPzb7SLWgpKXJQYk8aZkEhoVIoI8Q8HK6NK W5yLbIAVp/0oixO9Hkg7q1kZ+z3yXh9KpbBLp5+hxeysGbyhoHL/IByeYdsZcKup+b+D kSCwvt1/ziGEU+9tMkFMHOE0ySZA8QRYlLJd/d9XfpRqvf2Imt5xe34umDsZ/39YQoD9 rEOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=DCoR2wtPXpDrs/d/W/B4el1vh/l6zEekD6hp0mqSxRs=; b=jjLs1N/I/kKro94T1YFq3xbn7DycJcHWfhnRAbSceFKEQjfPTnLHJ6Ee5sSFBlIbTI RpS/8f3rcWw9GEjZ7cGVb5YJbFhGHFWBPp8miEeF7c27ABa0vRPllndZ5yl8u9iA3rOF 1CzexISdfkutzkxFmDMM4FwXi4sOLKK367X3R2aoncndZaW67MTkyTImptKU+qdk5R4h ls/c6TxAACe7GaSFpptkfChDReUCBrZbFVQp4WoDBrkmqk1cv1XY7FV4u/iXaKusN4tj Tg7fA3vLY4Ijb9CIO9MeNq88UoQWP1K8v1535QDReuBo+iHxA18k1h7pCxnQ00SORGXY 4Dhw== X-Gm-Message-State: AOAM5312d81T1oN3spQ7Lvq9BGjOaBeUnK1MLfA/9h96uAs/kD5Nc5FY BUIYoun2rc+EIonlhO6S1ndZPtpW X-Google-Smtp-Source: ABdhPJwGPo4VPijZquAhr69hJqeteqRuzaiRgt+EUCbajvg4WWPVsQ7nV1TXX2pLsvJfM7NLZwgJYA== X-Received: by 2002:a05:6402:d06:: with SMTP id eb6mr14668398edb.211.1595297555046; Mon, 20 Jul 2020 19:12:35 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc10296.dynamic.kabel-deutschland.de. [188.193.2.150]) by smtp.gmail.com with ESMTPSA id p9sm15528563ejd.50.2020.07.20.19.12.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 19:12:34 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Tue, 21 Jul 2020 04:12:11 +0200 Message-Id: <20200721021215.32647-3-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200719204755.32269-1-andreas.rheinhardt@gmail.com> References: <20200719204755.32269-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 5/9] avformat/rmdec: Fix potential crash on allocation failure X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" The RealMedia demuxer uses the priv_data of its streams to store a structure containing an AVPacket. These packets are unreferenced in the read_close function, yet said function simply presumed that the priv_data has been successfully allocated. This implies that it mustn't be called when an allocation of priv_data fails; but this can happen since commit 35bbc1955a58ba74552c50d9161084644f00bbd3 if one has a stream with multiple substreams (also exported as AVStream) and if allocating the priv_data for one of these substreams fails. This has been fixed by making sure that read_close can handle the case in which priv_data has not been successfully allocated. Signed-off-by: Andreas Rheinhardt --- This here is another reason why every demuxer needs to be carefully checked for whether it is compatible with calling read_close automatically. libavformat/rmdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 6851b7e1f4..72b8dba741 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -115,6 +115,9 @@ RMStream *ff_rm_alloc_rmstream (void) void ff_rm_free_rmstream (RMStream *rms) { + if (!rms) + return; + av_packet_unref(&rms->pkt); }