From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 2774A42AC0 for ; Tue, 11 Jan 2022 13:40:55 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E537D68AB96; Tue, 11 Jan 2022 15:40:52 +0200 (EET) Received: from mail-m974.mail.163.com (mail-m974.mail.163.com [123.126.97.4]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id CC2F668803D for ; Tue, 11 Jan 2022 15:40:44 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=vGRaC weozbfOm8OPIc5PdGHp0iIGBzkcD6cxAdCt6dU=; b=PBZB9OAV8CMhzYze7sXFT qoOWm/unC5MAKTu9EBrOJ0QiP+jB7KTqSbjSATWX1+7ZFSolNQQsSGBOJgmVdoTM dZogeBM6yT4/cIOvy7cNlpDidtlbDbz6pcVqQW2pXDzcpDPq1PwKTCXPmW3QO4TF oCNbKlXERBmQ8X2ssMpw6w= Received: from localhost.localdomain (unknown [111.197.238.219]) by smtp4 (Coremail) with SMTP id HNxpCgAn0xvXiN1h04EtFA--.38071S2; Tue, 11 Jan 2022 21:40:40 +0800 (CST) From: yshaw1999@163.com To: ffmpeg-devel@ffmpeg.org Date: Tue, 11 Jan 2022 21:40:38 +0800 Message-Id: <20220111134038.42085-1-yshaw1999@163.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) MIME-Version: 1.0 X-CM-TRANSID: HNxpCgAn0xvXiN1h04EtFA--.38071S2 X-Coremail-Antispam: 1Uf129KBjvJXoW7uF13uF4kZF15try3GF1ftFb_yoW8XF43pr 4a9as2yr1rta45Ar1Dtan5Xr4fXa1kK3y8C34xX34Yy3s5Ar9Yvr90kFWFgFyjgF18uayY 9ws8Xa1UWr1jgaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07j-WrZUUUUU= X-Originating-IP: [111.197.238.219] X-CM-SenderInfo: 51vkt4irzzmqqrwthudrp/1tbiuBmF7FQHOvu-JAAAsB Subject: [FFmpeg-devel] [PATCH] avformat/asfdec_f: init avpacket by av_packet_alloc() X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Yang Xiao , yshaw1999@163.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: From: Yang Xiao Pointer member side_data of AVPacket that allocated by stack may be wild pointer. Prevent releasing wild pointers in AVPacket when some functions try to call av_packet_unref() --- libavformat/asfdec_f.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index a8f36ed286..605d9f53a1 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -1433,7 +1433,9 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, { FFFormatContext *const si = ffformatcontext(s); ASFContext *asf = s->priv_data; - AVPacket pkt1, *pkt = &pkt1; + AVPacket *pkt = av_packet_alloc(); + if(!pkt) + return AVERROR(ENOMEM); ASFStream *asf_st; int64_t pts; int64_t pos = *ppos; @@ -1448,13 +1450,16 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, s->packet_size * s->packet_size + si->data_offset; *ppos = pos; - if (avio_seek(s->pb, pos, SEEK_SET) < 0) + if (avio_seek(s->pb, pos, SEEK_SET) < 0) { + av_packet_free(&pkt); return AV_NOPTS_VALUE; + } ff_read_frame_flush(s); asf_reset_header(s); for (;;) { if (av_read_frame(s, pkt) < 0) { + av_packet_free(&pkt); av_log(s, AV_LOG_INFO, "asf_read_pts failed\n"); return AV_NOPTS_VALUE; } @@ -1483,6 +1488,7 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, } *ppos = pos; + av_packet_free(&pkt); return pts; } -- 2.30.1 (Apple Git-130) _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".