From patchwork Mon May 8 19:08:05 2017
From: Zubin Mevawalla
Date: Mon, 8 May 2017 15:08:05 -0400
To: ffmpeg-devel@ffmpeg.org
Subject: [FFmpeg-devel] Null pointer dereference?

I was curious if this is a real null pointer dereference issue?

CodeAi, an automated repair tool being developed at Qbit logic, suggested an if-guard in libavformat/rtpdec.c on line 796, having seen a path through the control flow where an array access from `buf` results in a null pointer dereference. If `bufptr` is NULL and `len` >= 12, then `buf` is initialized to NULL and dereferenced on line 796.

Could I submit this as a patch if it looks alright?

Thanks so much,
Zubin

diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c --- a/libavformat/rtpdec.c +++ b/libavformat/rtpdec.c @@ -793,8 +793,10 @@ static int rtp_parse_one_packet(RTPDemuxContext *s, AVPacket *pkt, if (len < 12) return -1; - if ((buf[0] & 0xc0) != (RTP_VERSION << 6)) + if(buf) { + if ((buf[0] & 0xc0) != (RTP_VERSION << 6)) return -1; + } if (RTP_PT_IS_RTCP(buf[1])) { return rtcp_parse_packet(s, buf, len);
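Review bot: the new `if(buf) {` guard protects only the version check; the very next statement in the same hunk, `if (RTP_PT_IS_RTCP(buf[1])) {`, still dereferences `buf` unconditionally, so if `buf` really can be NULL here the patch only moves the crash down one line. If that path is reachable, reject it once before any access, e.g. `if (!buf || len < 12) return -1;` in place of the existing `if (len < 12)` check, rather than wrapping a single statement; and before submitting, confirm on the real function whether `buf` can still be NULL once `len >= 12` is reached (the mail derives it from `bufptr`), because if the function already bails out on a NULL buffer earlier, the tool's path is infeasible and no change is needed. Style points for the hunk as written: FFmpeg uses `if (buf) {` with a space after `if`, and the `return -1;` now inside the new block is not re-indented one level.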
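To show where a NULL guard belongs in this kind of parser, here is an added, self-contained example that is not code from the mail or from FFmpeg. `parse_one_packet()` is a hypothetical stand-in for `rtp_parse_one_packet()` that keeps the same `bufptr`/`len` convention and the same first checks as the hunk, but rejects a NULL buffer before any `buf[...]` access and then goes on to decode the fixed RTP header and validate the CSRC list against `len`. The `RTP_PT_IS_RTCP()` macro is a simplified assumption (RFC 3550 SR..APP, 200..204), the `rtp_hdr` struct and `run_self_checks()` are invented for the example, and the sample packets are constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RTP_VERSION 2
/* Assumption: simplified RTCP test for RFC 3550 SR..APP (200..204);
 * FFmpeg's own RTP_PT_IS_RTCP() accepts a wider set of packet types. */
#define RTP_PT_IS_RTCP(pt) ((pt) >= 200 && (pt) <= 204)

enum { PKT_RTP = 1, PKT_RTCP = 2 };

typedef struct {
    int kind, payload_type, csrc_count;
    uint16_t seq;
    uint32_t timestamp, ssrc;
    size_t header_len;          /* 12 + 4 * csrc_count */
} rtp_hdr;

/* Hypothetical stand-in for rtp_parse_one_packet(): same bufptr/len
 * convention and the same first checks as the hunk above.  The NULL test
 * is the first statement, so no later buf[...] access can be reached with
 * a NULL pointer; a guard that wraps only the version check would still
 * leave buf[1] exposed on the next line.
 * Returns PKT_RTP, PKT_RTCP, or -1 when the packet is rejected. */
int parse_one_packet(const uint8_t **bufptr, int len, rtp_hdr *out)
{
    const uint8_t *buf = bufptr ? *bufptr : NULL;
    rtp_hdr h;

    if (!buf)                                   /* reject NULL once, up front */
        return -1;
    if (len < 12)                               /* fixed RTP header is 12 bytes */
        return -1;
    if ((buf[0] & 0xc0) != (RTP_VERSION << 6))  /* version field must be 2 */
        return -1;

    memset(&h, 0, sizeof h);
    if (RTP_PT_IS_RTCP(buf[1])) {               /* RTCP muxed on the RTP port */
        h.kind = PKT_RTCP;
        h.payload_type = buf[1];
        if (out) *out = h;
        return PKT_RTCP;
    }
    h.kind         = PKT_RTP;
    h.csrc_count   = buf[0] & 0x0f;
    h.payload_type = buf[1] & 0x7f;             /* marker bit masked off */
    h.seq          = (uint16_t)((buf[2] << 8) | buf[3]);
    h.timestamp    = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                     ((uint32_t)buf[6] << 8)  |  (uint32_t)buf[7];
    h.ssrc         = ((uint32_t)buf[8] << 24) | ((uint32_t)buf[9] << 16) |
                     ((uint32_t)buf[10] << 8) |  (uint32_t)buf[11];
    h.header_len   = 12 + 4 * (size_t)h.csrc_count;
    if ((size_t)len < h.header_len)             /* CSRC list must fit in len */
        return -1;
    if (out) *out = h;
    return PKT_RTP;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t sample_rtp[12] = {
    0x80, 0x60, 0x12, 0x34,         /* V=2 CC=0 | PT=96 | seq 0x1234 */
    0x00, 0x00, 0x00, 0x10,         /* timestamp 16 */
    0xde, 0xad, 0xbe, 0xef };       /* SSRC */
static const uint8_t sample_rtcp_sr[12] = {
    0x80, 0xc8, 0x00, 0x06, 0xde, 0xad, 0xbe, 0xef, 0, 0, 0, 0 }; /* PT=200 (SR) */
static const uint8_t sample_two_csrc[20] = {
    0x82, 0xe0, 0x00, 0x01, 0x00, 0x00, 0x00, 0x20, 0xca, 0xfe, 0xba, 0xbe,
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02 }; /* CC=2, M=1, two CSRCs */
static const uint8_t sample_bad_version[12] = { 0x40, 0x60 }; /* V=1 */

/* Exercises the paths the mailing-list question is about.  Returns the
 * number of expectations that failed (0 means every case behaved). */
int run_self_checks(void)
{
    const uint8_t *p = NULL;
    rtp_hdr h;
    int failed = 0;

    failed += parse_one_packet(NULL, 64, &h) != -1;     /* bufptr NULL */
    failed += parse_one_packet(&p, 64, &h) != -1;       /* *bufptr NULL, len >= 12 */
    p = sample_rtp;
    failed += parse_one_packet(&p, 11, &h) != -1;       /* too short */
    failed += parse_one_packet(&p, 12, &h) != PKT_RTP;
    failed += h.payload_type != 96 || h.seq != 0x1234 || h.timestamp != 16 ||
              h.ssrc != 0xdeadbeefu || h.header_len != 12;
    p = sample_rtcp_sr;
    failed += parse_one_packet(&p, 12, &h) != PKT_RTCP || h.payload_type != 200;
    p = sample_two_csrc;
    failed += parse_one_packet(&p, 12, &h) != -1;       /* CSRC list truncated */
    failed += parse_one_packet(&p, 20, &h) != PKT_RTP || h.csrc_count != 2 ||
              h.header_len != 20;
    p = sample_bad_version;
    failed += parse_one_packet(&p, 12, &h) != -1;
    return failed;
}
```

The second case in `run_self_checks()` is exactly the path the mail describes (`bufptr` non-NULL but `*bufptr` NULL with `len >= 12`); with the NULL test placed first it is rejected before `buf[0]` or `buf[1]` is ever read, which is the property a wrapped single check cannot provide.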