[FFmpeg-devel] [PATCH] pngdec: check if previous frame exists instead of trusting sequence_number

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Sun Nov 27 00:36:48 EET 2016


On 26.11.2016 01:53, Michael Niedermayer wrote:
> On Fri, Nov 25, 2016 at 10:13:06PM +0100, Andreas Cadhalpun wrote:
>> This fixes a segmentation fault caused by calling memcpy with NULL as
>> second argument in handle_p_frame_apng.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>>  libavcodec/pngdec.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
>> index 36275ae..a7b330b 100644
>> --- a/libavcodec/pngdec.c
>> +++ b/libavcodec/pngdec.c
>> @@ -922,7 +922,7 @@ static int decode_fctl_chunk(AVCodecContext *avctx, PNGDecContext *s,
>>          return AVERROR_INVALIDDATA;
>>      }
>>  
>> -    if (sequence_number == 0 && dispose_op == APNG_DISPOSE_OP_PREVIOUS) {
>> +    if (!s->previous_picture.f->data[0] && dispose_op == APNG_DISPOSE_OP_PREVIOUS) {
>>          // No previous frame to revert to for the first frame
>>          // Spec says to just treat it as a APNG_DISPOSE_OP_BACKGROUND
>>          dispose_op = APNG_DISPOSE_OP_BACKGROUND;
> 
> wont this be different when seeking back to the
> first frame ?
> is that intended ?

I don't think the apng demuxer supports seeking.
But it shouldn't hurt to check both sequence_number and the previous frame.
Updated patch is attached.

Best regards,
Andreas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-pngdec-check-if-previous-frame-exists-instead-of-tru.patch
Type: text/x-diff
Size: 1189 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20161126/c0b81af0/attachment.patch>


More information about the ffmpeg-devel mailing list