From patchwork Tue Jan 11 02:30:25 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: YuTong Song <13102179620@163.com>
X-Patchwork-Id: 33199
From: 13102179620@163.com
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 11 Jan 2022 10:30:25 +0800
Message-Id: <20220111023025.72632-1-13102179620@163.com>
X-Mailer: git-send-email 2.30.0
Subject: [FFmpeg-devel] [PATCH] avformat/asfdec: init avpacket by av_packet_alloc()
Cc: Yang Xiao

From: Yang Xiao

This commit fixed a crash when seeking wma frames; the asf decoder will try to demux in function asf_read_pts(). The pointer member side_data of an AVPacket that is allocated on the stack may be a wild pointer. Prevent releasing wild pointers in AVPacket when some functions try to call av_packet_unref, for example av_read_frame().

--- libavformat/asfdec_f.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index a8f36ed286..8cf953830e 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -1433,7 +1433,7 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, { FFFormatContext *const si = ffformatcontext(s); ASFContext *asf = s->priv_data; - AVPacket pkt1, *pkt = &pkt1; + AVPacket *pkt = av_packet_alloc(); ASFStream *asf_st; int64_t pts; int64_t pos = *ppos;
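Review bot: The new `AVPacket *pkt = av_packet_alloc();` declaration in asf_read_pts() is never checked for NULL and is never released. The diffstat shows one insertion and one deletion, so the patch adds no matching `av_packet_free(&pkt)`, and the function now leaks one packet on every call, which during a seek can be many calls. av_packet_alloc() returns NULL on allocation failure, so the first use of `pkt` after this line would dereference a null pointer. Please add a check directly after the declaration that bails out with the function's failure value (for an int64_t timestamp reader, AV_NOPTS_VALUE), and free the packet on every return path, ideally through a single cleanup label. The commit message should also say which field was left uninitialized and by which call, since the stated cause (a wild `side_data` pointer in the stack packet) is not visible from this hunk alone.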