[FFmpeg-devel] [PATCH] avformat/rtsp: Fix dereference after null check
Thomas Volkert
silvo at gmx.net
Sun Apr 12 21:57:19 CEST 2015
Am 12.04.2015 um 21:35 schrieb Himangi Saraogi:
> ---
> This fixes CID 732219.
>
> libavformat/rtsp.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
> index 42dbe96..c186b99 100644
> --- a/libavformat/rtsp.c
> +++ b/libavformat/rtsp.c
> @@ -802,7 +802,7 @@ int ff_rtsp_open_transport_ctx(AVFormatContext *s, RTSPStream *rtsp_st)
> if (!st)
> s->ctx_flags |= AVFMTCTX_NOHEADER;
>
> - if (CONFIG_RTSP_MUXER && s->oformat) {
> + if (CONFIG_RTSP_MUXER && s->oformat && st) {
> int ret = ff_rtp_chain_mux_open((AVFormatContext **)&rtsp_st->transport_priv,
> s, st, rtsp_st->rtp_handle,
> RTSP_TCP_MAX_PACKET_SIZE,
> @@ -814,7 +814,7 @@ int ff_rtsp_open_transport_ctx(AVFormatContext *s, RTSPStream *rtsp_st)
> st->time_base = ((AVFormatContext*)rtsp_st->transport_priv)->streams[0]->time_base;
> } else if (rt->transport == RTSP_TRANSPORT_RAW) {
> return 0; // Don't need to open any parser here
> - } else if (CONFIG_RTPDEC && rt->transport == RTSP_TRANSPORT_RDT)
> + } else if (CONFIG_RTPDEC && rt->transport == RTSP_TRANSPORT_RDT && st)
> rtsp_st->transport_priv = ff_rdt_parse_open(s, st->index,
> rtsp_st->dynamic_protocol_context,
> rtsp_st->dynamic_handler);
LGTM, this addresses the problem which was resported by coverity scan.
But I think this is only a part of the complete solution. If "st" is
NULL, it would also crash inside "ff_rtp_parse_open()" (espec., if H.264
or G.722 are used).
Could you also fix this in a separate patch? Maybe you can also
rearrange the "if" checks/branches and remove some duplicated conditions
in the code.
Best regards,
Thomas.
More information about the ffmpeg-devel
mailing list