[FFmpeg-cvslog] avformat/webmdashenc: Don't segfault on invalid arguments

[Andreas Rheinhardt]

ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Mon May 18 04:43:25 2020 +0200| [1e689518d508b96f2a6a6f3bbbb43f00eaf87d01] | committer: Andreas Rheinhardt

avformat/webmdashenc: Don't segfault on invalid arguments

The current parsing process for adaptation_sets does not guarantee
every adaptation set to contain at least one stream, because the loop
exits immediately as soon as the end of the string has been reached,
without checking whether the currently active adaptation set group is
lacking a stream. This would lead to segfaults lateron as the rest of
the code presumed that every adaptation set contains a stream. This
commit fixes this by erroring out when the last adaptation set group
is incomplete.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e689518d508b96f2a6a6f3bbbb43f00eaf87d01
---

 libavformat/webmdashenc.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libavformat/webmdashenc.c b/libavformat/webmdashenc.c
index fd07b3e34a..3101e0a039 100644
--- a/libavformat/webmdashenc.c
+++ b/libavformat/webmdashenc.c
@@ -437,8 +437,13 @@ static int parse_adaptation_sets(AVFormatContext *s)
     }
     // syntax id=0,streams=0,1,2 id=1,streams=3,4 and so on
     state = new_set;
-    while (p < w->adaptation_sets + strlen(w->adaptation_sets)) {
-        if (state == new_set && *p == ' ') {
+    while (1) {
+        if (*p == '\0') {
+            if (state == new_set)
+                break;
+            else
+                return AVERROR(EINVAL);
+        } else if (state == new_set && *p == ' ') {
             p++;
             continue;
         } else if (state == new_set && !strncmp(p, "id=", 3)) {