[FFmpeg-devel] [PATCH] check for null pointer in nuv decoder (issue 2524)

Reimar Döffinger Reimar.Doeffinger
Mon Jan 24 19:38:20 CET 2011


On Mon, Jan 24, 2011 at 07:03:50PM +0100, Reimar Döffinger wrote:
> On Sun, Jan 23, 2011 at 09:06:29PM -0500, Daniel Kang wrote:
> > On Mon, Jan 10, 2011 at 7:15 PM, Daniel Kang <daniel.d.kang at gmail.com> wrote:
> > 
> > >  On Mon, Jan 10, 2011 at 2:30 AM, Reimar Döffinger <
> > > Reimar.Doeffinger at gmx.de> wrote:
> > >
> > >>  On Sun, Jan 09, 2011 at 10:32:02PM -0500, Daniel Kang wrote:
> > >> > In decode_init in the nuv decoder, c->decomp_buf is set to NULL. In most
> > >> > cases, this is okay, as the buffer is reallocated. However, for invalid
> > >> > nuv files, ffmpeg does not reallocate the buffer. In this case, ffmpeg
> > >> > will crash when trying to access the null pointer. The patch attached
> > >> > adds a check for this.
> > >>
> > >> There are other issues, but please try just setting decomp_size to 0
> > >> when allocation fails, that should be enough.
> > >
> > >
> > > I have tried only setting decomp_size (and outlen) to 0, but ffmpeg
> > > still crashes. av_lzo1x_decode still attempts to write to out even with
> > > an invalid buffer.
> > 
> > Ping because there has been no activity for over a week.
> 
> I committed a change that fixes the lzo decoder to respect a size of 0.
> I also think that switching to av_fast_malloc should fix several issues
> with that code, including this one.

Confirmed to work (note the other issue this fixes is a memleak on
realloc failure) and applied.
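
The two failure modes discussed in this thread (the leak on realloc failure and the pointer/size mismatch that leads to the NULL write), as an added example that is not part of the original message and is not FFmpeg code. `Ctx`, `x_realloc`, `x_free`, `resize_fragile`, `resize_fast`, `fill` and `scenario` are hypothetical names; `resize_fast` is modelled on the documented av_fast_malloc behaviour of leaving the pointer NULL and the size 0 on failure, and the allocator failure is simulated.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed test allocator: fails on demand and counts live blocks. */
static int fail_next, live_blocks;
static void *x_realloc(void *p, size_t n) {
    if (fail_next) { fail_next = 0; return NULL; } /* old block stays allocated */
    void *q = realloc(p, n);
    if (q && !p) live_blocks++;
    return q;
}
static void x_free(void *p) { if (p) { live_blocks--; free(p); } }
typedef struct { unsigned char *buf; unsigned int size; } Ctx; /* hypothetical */
/* Fragile: a failed realloc overwrites the only pointer (leak), size stays set. */
static void resize_fragile(Ctx *c, unsigned int n) {
    c->buf  = x_realloc(c->buf, n);
    c->size = n;
}
/* Hardened: after a failure buf is NULL and size is 0, so they cannot disagree. */
static void resize_fast(Ctx *c, unsigned int n) {
    if (n <= c->size) return;        /* existing buffer is large enough */
    x_free(c->buf);                  /* old contents are not preserved */
    c->buf  = x_realloc(NULL, n);
    c->size = c->buf ? n : 0;
}
/* Stand-in for a decompressor that respects an output size of 0. */
static int fill(const Ctx *c) {
    if (!c->size) return -1;  /* clean refusal: nothing to write into */
    if (!c->buf)  return -2;  /* a real decoder would write through NULL here */
    memset(c->buf, 0, c->size);
    return 0;
}
/* Grow once, then grow again while the allocator fails; returns leaked blocks. */
static int scenario(void (*resize)(Ctx *, unsigned int), int *fill_rc) {
    Ctx c = {0};
    resize(&c, 64);
    unsigned char *orig = c.buf;
    fail_next = 1;
    resize(&c, 128);
    *fill_rc = fill(&c);
    int leaked = live_blocks - (c.buf ? 1 : 0);
    x_free(leaked ? orig : c.buf);   /* tidy up so the demo itself is leak-free */
    return leaked;
}
int main(void) {
    int rc, leaked = scenario(resize_fragile, &rc);
    printf("realloc pattern:   leaked=%d fill=%d\n", leaked, rc);
    leaked = scenario(resize_fast, &rc);
    printf("fast_malloc style: leaked=%d fill=%d\n", leaked, rc);
}
```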


