[FFmpeg-devel] [PATCH] rmdec.c: prevent zero-length packets

Ronald S. Bultje rsbultje
Tue Mar 17 00:06:33 CET 2009


re: Mans' patch and some more looking at rmdec.c, I think we've never
really addressed the theoretical possibility of zero-length (empty)
packets. I don't think any sane file would use them, but they wouldn't
be invalid and would probably still lead to a crash because st is
uninitialized right now. Just for the sake of preventing any
theoretical exploits, I propose the attached patch.

-------------- next part --------------
Index: libavformat/rmdec.c
--- libavformat/rmdec.c	(revision 18019)
+++ libavformat/rmdec.c	(working copy)
@@ -780,6 +780,8 @@
             if(len<0 || url_feof(s->pb))
                 return AVERROR(EIO);
+            else if (len == 0)
+                continue;
             old_flags = flags;
             res = ff_rm_parse_packet (s, s->pb, st, st->priv_data, len, pkt,
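Review bot: the new `len == 0` branch carries no comment saying why an empty packet has to be skipped. The reason given in the mail (st is not set up in that case, and the very next statement passes `st->priv_data` to ff_rm_parse_packet) should be stated in a one-line comment above the check. The `else` is also redundant, since the preceding branch returns; a plain `if (len == 0)` reads more clearly. The enclosing loop is not visible in this hunk, so please confirm that `continue` lands on an iteration that reads further input, so that a run of empty packets ends at the `url_feof(s->pb)` check rather than spinning.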
