[FFmpeg-cvslog] Fix av_packet_split_side_data.

Reimar Döffinger git at videolan.org
Sun Nov 6 09:37:58 CET 2011


ffmpeg | branch: master | Reimar Döffinger <Reimar.Doeffinger at gmx.de> | Sun Nov  6 01:33:31 2011 +0100| [54a09f18e3d1d3f049c72878f1c891ab0336408a] | committer: Reimar Döffinger

Fix av_packet_split_side_data.

p cannot be calculated before av_dup_packet since that one
might change avpkt->data, causing invalid reads and a
non-working range check.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger at gmx.de>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=54a09f18e3d1d3f049c72878f1c891ab0336408a
---

 libavcodec/avpacket.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
index ff34285..a4bd442 100644
--- a/libavcodec/avpacket.c
+++ b/libavcodec/avpacket.c
@@ -237,10 +237,11 @@ int av_packet_split_side_data(AVPacket *pkt){
     if (!pkt->side_data_elems && pkt->size >12 && AV_RB64(pkt->data + pkt->size - 8) == FF_MERGE_MARKER){
         int i;
         unsigned int size;
-        uint8_t *p= pkt->data + pkt->size - 8 - 5;
+        uint8_t *p;
 
         av_dup_packet(pkt);
 
+        p = pkt->data + pkt->size - 8 - 5;
         for (i=1; ; i++){
             size = AV_RB32(p);
             if (size>INT_MAX || p - pkt->data <= size)



More information about the ffmpeg-cvslog mailing list