[FFmpeg-cvslog] avutil/frame: Copy size=0 side data in ff_init_buffer_info()

Michael Niedermayer git at videolan.org
Wed Nov 16 22:26:29 EET 2016


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Nov 16 20:32:26 2016 +0100| [2acee08a4a53b6c8f5fc160e6d6da92f77208a06] | committer: Michael Niedermayer

avutil/frame: Copy size=0 side data in ff_init_buffer_info()

Fixes null pointer dereference
Fixes: 189/FOO

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2acee08a4a53b6c8f5fc160e6d6da92f77208a06
---

 libavutil/frame.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavutil/frame.c b/libavutil/frame.c
index 53e6174..9050946 100644
--- a/libavutil/frame.c
+++ b/libavutil/frame.c
@@ -349,6 +349,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
                 wipe_side_data(dst);
                 return AVERROR(ENOMEM);
             }
+            if (sd_src->buf) {
             sd_dst->buf = av_buffer_ref(sd_src->buf);
             if (!sd_dst->buf) {
                 wipe_side_data(dst);
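Review bot: the added `if (sd_src->buf) {` leaves the `av_buffer_ref()` call and its error check at the old indentation, so the guarded scope is easy to misread as unconditional. Re-indent the enclosed lines (here or in a follow-up cosmetic commit), and add a one-line comment on the guard saying that a source entry with no `buf` is the size=0 side data named in the commit subject, since the condition tests `buf` rather than `size`.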
@@ -356,6 +357,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
             }
             sd_dst->data = sd_dst->buf->data;
             sd_dst->size = sd_dst->buf->size;
+            }
         }
         av_dict_copy(&sd_dst->metadata, sd_src->metadata, 0);
     }
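Review bot: when `sd_src->buf` is NULL the block closed by the added `}` is skipped, so `sd_dst->buf`, `sd_dst->data` and `sd_dst->size` are never assigned on that path and keep whatever the allocation above the hunk left in them. If that allocation is not guaranteed to zero them, add an else branch setting `sd_dst->data = NULL;` and `sd_dst->size = 0;` so code reading the copied entry sees a consistent empty payload. `av_dict_copy(&sd_dst->metadata, sd_src->metadata, 0);` still runs for these entries, which looks intended.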


