diff mbox series

[FFmpeg-devel,3/3] avformat/sierravmd: Don't return packets for non-existing stream

Message ID 20200805233358.31711-3-andreas.rheinhardt@gmail.com
State Accepted
Commit ea8f8d28d096827636f518b6074d31fc472d03c6
Headers show
Series [FFmpeg-devel,1/3] avformat/vividas: Check return value before storing it in smaller type | expand

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Andreas Rheinhardt Aug. 5, 2020, 11:33 p.m. UTC 
It leads to an assert in ff_read_packet().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavformat/sierravmd.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Michael Niedermayer Aug. 6, 2020, 4:42 p.m. UTC | #1 
On Thu, Aug 06, 2020 at 01:33:58AM +0200, Andreas Rheinhardt wrote:
> It leads to an assert in ff_read_packet().
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> ---
>  libavformat/sierravmd.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/libavformat/sierravmd.c b/libavformat/sierravmd.c
> index 531fc41531..40bcb77986 100644
> --- a/libavformat/sierravmd.c
> +++ b/libavformat/sierravmd.c
> @@ -174,6 +174,8 @@ static int vmd_read_header(AVFormatContext *s)
>              avpriv_set_pts_info(vst, 33, num, den);
>          avpriv_set_pts_info(st, 33, num, den);
>      }
> +    if (!s->nb_streams)
> +        return AVERROR_INVALIDDATA;
>  
>      toc_offset = AV_RL32(&vmd->vmd_header[812]);
>      vmd->frame_count = AV_RL16(&vmd->vmd_header[6]);
> @@ -241,6 +243,8 @@ static int vmd_read_header(AVFormatContext *s)
>                      current_audio_pts++;
>                  break;
>              case 2: /* Video Chunk */
> +                if (!vst)
> +                    break;
>                  vmd->frame_table[total_frames].frame_offset = current_offset;
>                  vmd->frame_table[total_frames].stream_index = vmd->video_stream_index;
>                  vmd->frame_table[total_frames].frame_size = size;

probably ok

thx

[...]
diff mbox series

Patch

diff --git a/libavformat/sierravmd.c b/libavformat/sierravmd.c
index 531fc41531..40bcb77986 100644
--- a/libavformat/sierravmd.c
+++ b/libavformat/sierravmd.c
@@ -174,6 +174,8 @@  static int vmd_read_header(AVFormatContext *s)
             avpriv_set_pts_info(vst, 33, num, den);
         avpriv_set_pts_info(st, 33, num, den);
     }
+    if (!s->nb_streams)
+        return AVERROR_INVALIDDATA;
 
     toc_offset = AV_RL32(&vmd->vmd_header[812]);
     vmd->frame_count = AV_RL16(&vmd->vmd_header[6]);
@@ -241,6 +243,8 @@  static int vmd_read_header(AVFormatContext *s)
                     current_audio_pts++;
                 break;
             case 2: /* Video Chunk */
+                if (!vst)
+                    break;
                 vmd->frame_table[total_frames].frame_offset = current_offset;
                 vmd->frame_table[total_frames].stream_index = vmd->video_stream_index;
                 vmd->frame_table[total_frames].frame_size = size;