[FFmpeg-devel] [PATCH] check for null pointer in nuv decoder (issue 2524)

Reimar Döffinger Reimar.Doeffinger
Mon Jan 24 19:03:50 CET 2011


On Sun, Jan 23, 2011 at 09:06:29PM -0500, Daniel Kang wrote:
> On Mon, Jan 10, 2011 at 7:15 PM, Daniel Kang <daniel.d.kang at gmail.com> wrote:
> 
> >  On Mon, Jan 10, 2011 at 2:30 AM, Reimar Döffinger <
> > Reimar.Doeffinger at gmx.de> wrote:
> >
> >>  On Sun, Jan 09, 2011 at 10:32:02PM -0500, Daniel Kang wrote:
> >> > In decode_init in the nuv decoder, c->decomp_buf is set to NULL. In most
> >> > cases, this is okay, as the buffer is reallocated. However, for invalid
> >> > nuv files, ffmpeg does not reallocate the buffer. In this case, ffmpeg
> >> > will crash when trying to access the null pointer. The patch attached
> >> > adds a check for this.
> >>
> >> There are other issues, but please try just setting decomp_size to 0
> >> when allocation fails, that should be enough.
> >
> >
> > I have tried only setting decomp_size (and outlen) to 0, but ffmpeg
> > still crashes. av_lzo1x_decode still attempts to write to out even with
> > an invalid buffer.
> 
> Ping because there has been no activity for over a week.

I committed a change that fixes the lzo decoder to respect a size of 0.
I also think that switching to av_fast_malloc should fix several issues
with that code, including this one.
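
The failure mode discussed in this thread, as an added C example that is not FFmpeg code and not written by any of the posters: a buffer pointer and its tracked size are kept consistent on allocation failure, and the decoder respects an output size of 0. Only `decomp_buf` and `decomp_size` are names from the thread; `nuv_ctx`, `fast_malloc`, `toy_decode`, `decode_frame` and `fail_alloc` are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static int fail_alloc;  /* hypothetical test hook: force allocation failure */

struct nuv_ctx { uint8_t *decomp_buf; unsigned decomp_size; };

/* Hypothetical stand-in for a "fast malloc" helper. Contract: on return either
 * *buf holds at least *size bytes, or *buf == NULL and *size == 0. */
static void fast_malloc(uint8_t **buf, unsigned *size, unsigned min_size)
{
    if (*buf && min_size <= *size)
        return;                              /* current buffer is big enough */
    free(*buf);
    *buf  = (fail_alloc || !min_size) ? NULL : malloc(min_size);
    *size = *buf ? min_size : 0;             /* pointer and size never disagree */
}

/* Toy decoder (a plain copy standing in for decompression) that respects the
 * output size: with outlen == 0 it never touches out, even if out is NULL. */
static int toy_decode(uint8_t *out, int outlen, const uint8_t *in, int inlen)
{
    if (inlen < 0 || inlen > outlen)
        return -1;                           /* output full, nothing written */
    if (inlen > 0)
        memcpy(out, in, (size_t)inlen);
    return inlen;                            /* bytes written */
}

/* Per-frame path: the size handed to the decoder comes from the tracked size,
 * so a failed allocation turns into a decode error instead of a NULL write. */
static int decode_frame(struct nuv_ctx *c, const uint8_t *in, int inlen,
                        unsigned needed)
{
    fast_malloc(&c->decomp_buf, &c->decomp_size, needed);
    return toy_decode(c->decomp_buf, (int)c->decomp_size, in, inlen);
}

int main(void)
{
    struct nuv_ctx c = {0};                  /* decomp_buf starts as NULL */
    const uint8_t frame[4] = {1, 2, 3, 4};   /* constructed sample input */
    fail_alloc = 1;
    int failed = decode_frame(&c, frame, 4, 16);   /* -1, no crash */
    fail_alloc = 0;
    int ok = decode_frame(&c, frame, 4, 16);       /* 4 */
    free(c.decomp_buf);
    return !(failed == -1 && ok == 4);
}
```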


