On Fri, 31 Oct 2025, 17:06 michaelni via ffmpeg-devel, < [email protected]> wrote:
> PR #20805 opened by michaelni > URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20805 > Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20805.patch > > Fixes: out of array access > No testcase > > Found-by: Joshua Rogers <[email protected]> with ZeroPath > Signed-off-by: Michael Niedermayer <[email protected]> > > > >From e01eb935a6b919d0bc4361e30a0ab00ff01783af Mon Sep 17 00:00:00 2001 > From: Michael Niedermayer <[email protected]> > Date: Fri, 31 Oct 2025 18:00:11 +0100 > Subject: [PATCH] avformat/whip: Fix rtp_ctx->streams access > > Fixes: out of array access > No testcase > > Found-by: Joshua Rogers <[email protected]> with ZeroPath > Signed-off-by: Michael Niedermayer <[email protected]> > --- > libavformat/whip.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavformat/whip.c b/libavformat/whip.c > index a11fffb9c6..6a9b208f69 100644 > --- a/libavformat/whip.c > +++ b/libavformat/whip.c > @@ -1592,8 +1592,8 @@ static int create_rtp_muxer(AVFormatContext *s) > * therefore, we deactivate the extradata detection for the RTP > muxer. > */ > if (s->streams[i]->codecpar->codec_id == AV_CODEC_ID_H264) { > - av_freep(&rtp_ctx->streams[i]->codecpar->extradata); > - rtp_ctx->streams[i]->codecpar->extradata_size = 0; > + av_freep(&rtp_ctx->streams[0]->codecpar->extradata); > + rtp_ctx->streams[0]->codecpar->extradata_size = 0; > } > > buffer = av_malloc(buffer_size); > Both the original code and the fix are weird. Kieran > _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
