[FFmpeg-devel] [PATCH] prevent segfault when parsing corrupt DV

Dan Dennedy dan
Sun Jan 4 21:57:24 CET 2009

I have a sample capture.dv file that is ~18MB if needed, but it is an
obvious problem. dv_demux->sys is often assigned when
dv_produce_packet gets called just below the code in the patch below.
If the stream is very corrupt, it may be set NULL in
dv_produce_packets and then used here.

Index: libavformat/dv.c
--- libavformat/dv.c    (revision 16313)
+++ libavformat/dv.c    (working copy)
@@ -430,6 +430,8 @@
     size = dv_get_packet(c->dv_demux, pkt);

     if (size < 0) {
+        if (!c->dv_demux->sys)
+            return AVERROR(EIO);
         size = c->dv_demux->sys->frame_size;
         if (get_buffer(s->pb, c->buf, size) <= 0)
             return AVERROR(EIO);

More information about the ffmpeg-devel mailing list