[FFmpeg-devel] [PATCH] avformat/rtsp: Fix dereference after null check

Himangi Saraogi himangi774 at gmail.com
Mon Apr 13 06:40:28 CEST 2015


On 13 April 2015 at 01:27, Thomas Volkert <silvo at gmx.net> wrote:

>
> On 12.04.2015 at 21:35, Himangi Saraogi wrote:
>
>> ---
>> This fixes CID 732219.
>>
>>   libavformat/rtsp.c | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
>> index 42dbe96..c186b99 100644
>> --- a/libavformat/rtsp.c
>> +++ b/libavformat/rtsp.c
>> @@ -802,7 +802,7 @@ int ff_rtsp_open_transport_ctx(AVFormatContext *s,
>> RTSPStream *rtsp_st)
>>       if (!st)
>>           s->ctx_flags |= AVFMTCTX_NOHEADER;
>>   -    if (CONFIG_RTSP_MUXER && s->oformat) {
>> +    if (CONFIG_RTSP_MUXER && s->oformat && st) {
>>           int ret = ff_rtp_chain_mux_open((AVFormatContext
>> **)&rtsp_st->transport_priv,
>>                                           s, st, rtsp_st->rtp_handle,
>>                                           RTSP_TCP_MAX_PACKET_SIZE,
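Review bot: Adding `&& st` to the `if (CONFIG_RTSP_MUXER && s->oformat ...)` condition changes which path a muxer takes: an output context with a NULL `st` now skips `ff_rtp_chain_mux_open()` without any error and drops into the `else if` chain that follows (`RTSP_TRANSPORT_RAW`, `RTSP_TRANSPORT_RDT`), which looks like parser setup for the receiving side. Consider keeping `s->oformat` as the branch selector and handling the NULL `st` case inside the branch, for example by returning an error, so that the `st->time_base` assignment is guarded without rerouting the muxer case.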
>> @@ -814,7 +814,7 @@ int ff_rtsp_open_transport_ctx(AVFormatContext *s,
>> RTSPStream *rtsp_st)
>>           st->time_base = ((AVFormatContext*)rtsp_st->
>> transport_priv)->streams[0]->time_base;
>>       } else if (rt->transport == RTSP_TRANSPORT_RAW) {
>>           return 0; // Don't need to open any parser here
>> -    } else if (CONFIG_RTPDEC && rt->transport == RTSP_TRANSPORT_RDT)
>> +    } else if (CONFIG_RTPDEC && rt->transport == RTSP_TRANSPORT_RDT &&
>> st)
>>           rtsp_st->transport_priv = ff_rdt_parse_open(s, st->index,
>>                                               rtsp_st->dynamic_protocol_
>> context,
>>                                               rtsp_st->dynamic_handler);
>>
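Review bot: With `&& st` added to the `RTSP_TRANSPORT_RDT` condition, an RDT session whose `st` is NULL is no longer treated as RDT and falls through to whatever branch follows, which this hunk does not show. The guard removes the `st->index` dereference here but hands the NULL `st` to the next branch, so either confirm that branch tolerates a NULL `st` or handle the missing stream explicitly inside the RDT branch. A sentence in the commit message on what happens to the RDT and muxer cases when `st` is NULL would help; "This fixes CID 732219." alone does not say.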
> LGTM, this addresses the problem which was reported by Coverity scan.
>
> But I think this is only a part of the complete solution. If "st" is NULL,
> it would also crash inside "ff_rtp_parse_open()"


I had checked for that, but ff_rtp_parse_open does a null test before using
"st" and hence probably avoids a crash.


> (espec., if H.264 or G.722 are used).
> Could you also fix this in a separate patch? Maybe you can also rearrange
> the "if" checks/branches and remove some duplicated conditions in the code.
>
>
I was planning on that when I saw these if branches!


> Best regards,
> Thomas.
>
>
Thanks,
Himangi
