Memory allocation for AVIOContext should be checked. In this code,
all error conditions are sent to the "goto error".
---
libavformat/avidec.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 9765e5e7b2..33e50e9878 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -1072,11 +1072,15 @@ static int read_gab2_sub(AVFormatContext *s, AVStream
*st, AVPacket *pkt)
ff_const59 AVInputFormat *sub_demuxer;
AVRational time_base;
int size;
+ AVProbeData pd;
+ unsigned int desc_len;
AVIOContext *pb = avio_alloc_context(pkt->data + 7,
pkt->size - 7,
0, NULL, NULL, NULL, NULL);
- AVProbeData pd;
- unsigned int desc_len = avio_rl32(pb);
+ if (!pb)
+ goto error;
+
+ desc_len = avio_rl32(pb);
if (desc_len > pb->buf_end - pb->buf_ptr)
goto error;
--
2.28.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
