From: Andreas Rheinhardt
Date: Wed, 16 Feb 2022 08:32:13 +0100
To: ffmpeg-devel@ffmpeg.org
References: <20220216070506.1834664-1-jiasheng@iscas.ac.cn>
In-Reply-To: <20220216070506.1834664-1-jiasheng@iscas.ac.cn>
Subject: Re: [FFmpeg-devel] [PATCH] avformat/nutdec: Add check for avformat_new_stream

Jiasheng Jiang:
> As the potential failure of the memory allocation,
> the avformat_new_stream() could return NULL pointer.
> Therefore, it should be better to check it and return
> error if fails.
>
> Fixes: 84ad31ff18 ("lavf: replace av_new_stream->avformat_new_stream part II.")

This commit did not introduce this bug; it merely replaced the unchecked function.

> Signed-off-by: Jiasheng Jiang
> ---
> libavformat/nutdec.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
> > diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c > index 0a8a700acf..eb2ba4840a 100644 > --- a/libavformat/nutdec.c > +++ b/libavformat/nutdec.c > @@ -352,7 +352,11 @@ static int decode_main_header(NUTContext *nut) > goto fail; > } > for (i = 0; i < stream_count; i++) > - avformat_new_stream(s, NULL); > + if (!avformat_new_stream(s, NULL)) { > + av_free(nut->stream); > + ret = AVERROR(ENOMEM); > + goto fail; > + } > > return 0; > fail:

If you look at nut_read_header() you will see that it just retries even on allocation failure. So this is not a complete fix. And if it retries and finds a different packet header, it adds ever more streams, because the already created streams have not been deleted. A proper fix would need to check the return value of decode_main_header for ENOMEM, but if time_base_count were invalid and huge, one could get an allocation error even though there might be a valid header somewhere else. So one would need an equivalent of NUT_MAX_STREAMS for timebases or some other criterion to rule this out.

- Andreas
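
Review bot: In the added failure branch, av_free(nut->stream) leaves nut->stream pointing at freed memory before the jump to fail. The code under fail is not visible in this hunk, so either confirm that nothing reached after this point touches nut->stream again, or use av_freep(&nut->stream) so the pointer is cleared. The branch also does not remove the streams created by earlier iterations of the loop, so a partial set stays attached to s when the error is returned. As a style point, the for statement now has a multi-line body and would read better with its own braces.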
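
A simplified model of the handling the reply argues for, as an added example that is not FFmpeg code and not part of the original message: cap a header-supplied count before allocating, roll back partially created streams, and stop retrying on ENOMEM. All names here (struct demux, new_stream, parse_header, read_header, MAX_STREAMS, the budget counter) are hypothetical stand-ins.

```c
#include <errno.h>

#define MAX_STREAMS 256 /* assumed cap, in the role NUT_MAX_STREAMS plays on the page */

/* Hypothetical demuxer state; budget models how many allocations can still succeed. */
struct demux { int nb_streams; int budget; };

/* Stand-in for stream creation: fails like an allocator that has run dry. */
static int new_stream(struct demux *d)
{
    if (d->budget <= 0)
        return -ENOMEM;
    d->budget--;
    d->nb_streams++;
    return 0;
}

/* Parse one candidate header that claims `count` streams. */
static int parse_header(struct demux *d, int count)
{
    int first = d->nb_streams;
    if (count <= 0 || count > MAX_STREAMS)
        return -EINVAL;               /* implausible: reject before allocating */
    for (int i = 0; i < count; i++) {
        int ret = new_stream(d);
        if (ret < 0) {                /* roll back this attempt's streams */
            d->budget += d->nb_streams - first;
            d->nb_streams = first;
            return ret;
        }
    }
    return 0;
}

/* Retry loop: a malformed header means keep searching, ENOMEM means stop. */
static int read_header(struct demux *d, const int *cand, int n)
{
    for (int i = 0; i < n; i++) {
        int ret = parse_header(d, cand[i]);
        if (ret == 0 || ret == -ENOMEM)
            return ret;
    }
    return -EINVAL;
}
/* Constructed inputs: an oversized count, then a header with 3 streams. */
static int demo_skip(void) { struct demux d = {0, 10}; int c[] = {100000, 3}; return read_header(&d, c, 2) ? -1 : d.nb_streams; }
/* Constructed input: 3 streams wanted, only 2 allocations possible. */
static int demo_oom(void) { struct demux d = {0, 2}; int c[] = {3, 2}; return read_header(&d, c, 2) == -ENOMEM && d.nb_streams == 0; }
int main(void) { return !(demo_skip() == 3 && demo_oom() == 1); }
```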