From patchwork Tue Jan 11 13:40:38 2022
X-Patchwork-Submitter: XiaoYang
X-Patchwork-Id: 33233
From: yshaw1999@163.com
To: ffmpeg-devel@ffmpeg.org
Cc: Yang Xiao , yshaw1999@163.com
Date: Tue, 11 Jan 2022 21:40:38 +0800
Message-Id: <20220111134038.42085-1-yshaw1999@163.com>
Subject: [FFmpeg-devel] [PATCH] avformat/asfdec_f: init avpacket by av_packet_alloc()

From: Yang Xiao

Pointer member side_data of AVPacket that is allocated on the stack may be a wild pointer. Prevent releasing wild pointers in AVPacket when some functions try to call av_packet_unref().

--- libavformat/asfdec_f.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index a8f36ed286..605d9f53a1 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -1433,7 +1433,9 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, { FFFormatContext *const si = ffformatcontext(s); ASFContext *asf = s->priv_data; - AVPacket pkt1, *pkt = &pkt1; + AVPacket *pkt = av_packet_alloc(); + if(!pkt) + return AVERROR(ENOMEM); ASFStream *asf_st; int64_t pts; int64_t pos = *ppos; 
@@ -1448,13 +1450,16 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, s->packet_size * s->packet_size + si->data_offset; *ppos = pos; - if (avio_seek(s->pb, pos, SEEK_SET) < 0) + if (avio_seek(s->pb, pos, SEEK_SET) < 0) { + av_packet_free(&pkt); return AV_NOPTS_VALUE; + } ff_read_frame_flush(s); asf_reset_header(s); for (;;) { if (av_read_frame(s, pkt) < 0) { + av_packet_free(&pkt); av_log(s, AV_LOG_INFO, "asf_read_pts failed\n"); return AV_NOPTS_VALUE; } @@ -1483,6 +1488,7 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, } *ppos = pos; + av_packet_free(&pkt); return pts; }
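
Review bot: in the first hunk (@@ -1433), the allocation-failure path returns AVERROR(ENOMEM) from a function declared as returning int64_t, while every other failure path visible in this patch returns AV_NOPTS_VALUE, so a caller that only compares against AV_NOPTS_VALUE would treat the negative error code as a timestamp. Return AV_NOPTS_VALUE there as well, or say in the commit message that callers handle negative error codes. The same added lines place a statement ahead of the declarations of asf_st, pts and pos, and write "if(!pkt)" without the space used by the other "if (" lines in the function; declaring "AVPacket *pkt;" with the other locals and allocating after the declarations fixes both.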
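
Review bot: in the second hunk (@@ -1448), the two error returns, after avio_seek() and inside the av_read_frame() check, each carry their own av_packet_free(&pkt), and the success path in the last hunk carries a third, so any return added to this function later leaks the packet unless it repeats the call. Consider a single exit label that calls av_packet_free(&pkt) and returns pts, with pts set to AV_NOPTS_VALUE before jumping to it from the failure paths, since pts is declared without an initializer. The commit message would also be easier to verify if it named the call path on which av_packet_unref() reaches the uninitialised stack packet.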