[FFmpeg-devel] [PATCH 1/5] avformat/dashenc: fix invalid pointer access if avio_get_dyn_buf failed
    Limin Wang 
    lance.lmwang at gmail.com
       
    Wed Apr 29 18:27:02 EEST 2020
    
    
  
On Wed, Apr 29, 2020 at 05:18:18PM +0200, Nicolas George wrote:
> lance.lmwang at gmail.com (12020-04-29):
> > From: Limin Wang <lance.lmwang at gmail.com>
> > 
> > If an error occurs, avio_get_dyn_buf() will return 0 and buf is NULL, so it's necessary to check
> > the return value for the following code will access the buf pointer with index. In addition,
> > the buf len should be greater than written_len to avoid the buffer overflow access.
> > 
> > Signed-off-by: Limin Wang <lance.lmwang at gmail.com>
> > ---
> >  libavformat/dashenc.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> And if the allocation fails, the data is silently discarded. Seems
> broken. Did you test your change?
yes, avio_write can process zero len with NULL pointer, but here it'll use buf+written_len, so
it's invalid access I think. So what's the broken? Maybe I haven't catch your point.
> 
> Regards,
> 
> -- 
>   Nicolas George
-- 
Thanks,
Limin Wang
    
    
More information about the ffmpeg-devel
mailing list