From: Andreas Rheinhardt
Date: Tue, 11 Jan 2022 10:29:35 +0100
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH] avformat/asfdec: fix crash caused by free wlid pointers
In-Reply-To: <20220111063856.15699-1-yshaw1999@163.com>

Yang Xiao:
> From: Yang Xiao > > This commit fixed a crash when seeking wma frames, asf decoder will try to demux in function asf_read_pts(). > Pointer member side_data of AVPacket that allocated by stack may be wild pointer. > Prevent releasing wild pointers in AVPacket when some functions try to call av_packet_unref, example av_read_frame(). > --- > libavformat/asfdec_f.c | 2 +- > libavformat/mpc.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c > index a8f36ed286..bae0ecfc7c 100644 > --- a/libavformat/asfdec_f.c > +++ b/libavformat/asfdec_f.c > @@ -1433,7 +1433,7 @@ static int64_t asf_read_pts(AVFormatContext *s, int stream_index, > { > FFFormatContext *const si = ffformatcontext(s); > ASFContext *asf = s->priv_data; > - AVPacket pkt1, *pkt = &pkt1; > + AVPacket pkt1 = {0}, *pkt = &pkt1; > ASFStream *asf_st; > int64_t pts; > int64_t pos = *ppos; > diff --git a/libavformat/mpc.c b/libavformat/mpc.c > index b5b2bab33c..ad0d693152 100644 > --- a/libavformat/mpc.c > +++ b/libavformat/mpc.c > @@ -189,7 +189,7 @@ static int mpc_read_seek(AVFormatContext *s, int stream_index, int64_t timestamp > AVStream *st = s->streams[stream_index]; > FFStream *const sti = ffstream(st); > MPCContext *c = s->priv_data; > - AVPacket pkt1, *pkt = &pkt1; > + AVPacket pkt1 = {0}, *pkt = &pkt1; > int ret; > int index = av_index_search_timestamp(st, FFMAX(timestamp - DELAY_FRAMES, 0), flags); > uint32_t lastframe; >

Do you have FF_API_INIT_PACKET set to 0 (it should still be set to 1)? Because av_read_frame() is supposed to (and documented to) treat the packet it is given as uninitialized.

- Andreas
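
Review bot: In the asf_read_pts() hunk of libavformat/asfdec_f.c, `AVPacket pkt1 = {0}` makes the crash go away without showing where the uninitialized stack packet is actually unreferenced. The commit message says av_packet_unref() releases a wild side_data pointer and gives av_read_frame() as the example, while the reply points out that av_read_frame() is documented to treat its packet as uninitialized. The message should name the exact call reached from asf_read_pts() that unreferences pkt1 before it has been filled, and state the build configuration (FF_API_INIT_PACKET) under which the crash was reproduced, so the fix can be placed at that call if the contract is being violated there.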
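
Review bot: The mpc_read_seek() hunk in libavformat/mpc.c is not covered by the subject, which names only avformat/asfdec, and the commit message describes a crash only for WMA seeking through asf_read_pts(). Either split the mpc.c change into its own patch with a description of the failing path, or extend the message to say how pkt1 in mpc_read_seek() reaches av_packet_unref() while still uninitialized.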