Hi Kieran

On Sat, Nov 01, 2025 at 02:37:45AM +0000, Kieran Kunhya via ffmpeg-devel wrote:
> On Fri, 31 Oct 2025, 17:06 michaelni via ffmpeg-devel, <
> ffmpeg-devel@ffmpeg.org> wrote:
> 
> > PR #20805 opened by michaelni
> > URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20805
> > Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20805.patch
> >
> > Fixes: out of array access
> > No testcase
> >
> > Found-by: Joshua Rogers <joshua@joshua.hu> with ZeroPath
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> >
> >
> > >From e01eb935a6b919d0bc4361e30a0ab00ff01783af Mon Sep 17 00:00:00 2001
> > From: Michael Niedermayer <michael@niedermayer.cc>
> > Date: Fri, 31 Oct 2025 18:00:11 +0100
> > Subject: [PATCH] avformat/whip: Fix rtp_ctx->streams access
> >
> > Fixes: out of array access
> > No testcase
> >
> > Found-by: Joshua Rogers <joshua@joshua.hu> with ZeroPath
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/whip.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavformat/whip.c b/libavformat/whip.c
> > index a11fffb9c6..6a9b208f69 100644
> > --- a/libavformat/whip.c
> > +++ b/libavformat/whip.c
> > @@ -1592,8 +1592,8 @@ static int create_rtp_muxer(AVFormatContext *s)
> >           * therefore, we deactivate the extradata detection for the RTP
> > muxer.
> >           */
> >          if (s->streams[i]->codecpar->codec_id == AV_CODEC_ID_H264) {
> > -            av_freep(&rtp_ctx->streams[i]->codecpar->extradata);
> > -            rtp_ctx->streams[i]->codecpar->extradata_size = 0;
> > +            av_freep(&rtp_ctx->streams[0]->codecpar->extradata);
> > +            rtp_ctx->streams[0]->codecpar->extradata_size = 0;
> >          }
> >
> >          buffer = av_malloc(buffer_size);
> >
> 
> Both the original code and the fix are weird.

I agree, a better fix is welcome, but until then, this fix was approved by 3 people
including the author of teh whip code. And it fixes the out of array access
fixing the weirdness is out of the scope of this fix.

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Its not that you shouldnt use gotos but rather that you should write
readable code and code with gotos often but not always is less readable