On 10.11.2014 03:21, Michael Niedermayer wrote:
On Sun, Nov 09, 2014 at 11:22:46PM +0100, Lukasz Marek wrote:
set_string_binary crashes when called with val=NULL
Signed-off-by: Lukasz Marek <[email protected]>
---
libavutil/opt.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavutil/opt.c b/libavutil/opt.c
index fca5354..bc62044 100644
--- a/libavutil/opt.c
+++ b/libavutil/opt.c
@@ -126,11 +126,15 @@ static int set_string_binary(void *obj, const AVOption
*o, const char *val, uint
{
int *lendst = (int *)(dst + 1);
uint8_t *bin, *ptr;
- int len = strlen(val);
+ int len;
av_freep(dst);
*lendst = 0;
+ if (!val)
+ return AVERROR(EINVAL);
this deallocates dest and then returns failure
shouldn't it either not fail or not change the state of dst?
Yes, it is inconsistent. I changed it to return 0.
Also, I added a check for length 0 to avoid malloc returning some pointer
for a 0-byte block.
From e67c9094e699997cb01e2ec2dcc0a7da19ed9c03 Mon Sep 17 00:00:00 2001
From: Lukasz Marek <[email protected]>
Date: Sun, 9 Nov 2014 23:15:58 +0100
Subject: [PATCH 1/4] lavu/opt: check for NULL before parsing
set_string_binary crashes when called with val=NULL
Signed-off-by: Lukasz Marek <[email protected]>
---
libavutil/opt.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavutil/opt.c b/libavutil/opt.c
index fca5354..c064357 100644
--- a/libavutil/opt.c
+++ b/libavutil/opt.c
@@ -126,11 +126,14 @@ static int set_string_binary(void *obj, const AVOption *o, const char *val, uint
{
int *lendst = (int *)(dst + 1);
uint8_t *bin, *ptr;
- int len = strlen(val);
+ int len;
av_freep(dst);
*lendst = 0;
+ if (!val || !(len = strlen(val)))
+ return 0;
+
if (len & 1)
return AVERROR(EINVAL);
len /= 2;
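Review bot: the early return 0 in "if (!val || !(len = strlen(val)))" sits after av_freep(dst) and *lendst = 0, so a NULL or empty val now clears any previously set value and reports success, while the commit message only mentions the crash. Please state that reset behaviour in the commit message or in a comment above the check. The assignment inside the condition is also easy to misread; testing !val first and assigning len = strlen(val) on its own line would be clearer. Since strlen returns size_t, storing it in int len narrows the value for very long strings, which is worth a bound check before the (len & 1) test.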
--
1.9.1