From 280c6e0d1cf7c22c6f9f551edbc7942b96df93c6 Mon Sep 17 00:00:00 2001 From: Andreas Rheinhardt Date: Mon, 10 Aug 2020 01:32:42 +0200 Subject: [PATCH] avformat/mlvdec: Check for existence of AVIOContext before using it The mlv demuxer supports input split into multiple files; if invalid data is encountered when parsing one of the subsequent files, that file is closed. But at this point some index entries belonging to this file might already have been added. In this case, the read_packet function might try to use the AVIOContext (which is NULL) to read data which will of course crash. This commit fixes this. Signed-off-by: Andreas Rheinhardt (cherry picked from commit 6e0dd41fa3cdfd4b31d2c03c52e926231d7b2e73)
---
 libavformat/mlvdec.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavformat/mlvdec.c b/libavformat/mlvdec.c
index 03aed71024..7c7ced7f76 100644
--- a/libavformat/mlvdec.c
+++ b/libavformat/mlvdec.c
@@ -411,6 +411,10 @@ static int read_packet(AVFormatContext *avctx, AVPacket *pkt)
 }
 pb = mlv->pb[st->index_entries[index].size];
+ if (!pb) {
+ ret = FFERROR_REDO;
+ goto next_packet;
+ }
 avio_seek(pb, st->index_entries[index].pos, SEEK_SET);
 avio_skip(pb, 4); // blockType
@@ -439,12 +443,14 @@ static int read_packet(AVFormatContext *avctx, AVPacket *pkt)
 pkt->stream_index = mlv->stream_index;
 pkt->pts = mlv->pts;
+ ret = 0;
+next_packet:
 mlv->stream_index++;
 if (mlv->stream_index == avctx->nb_streams) {
 mlv->stream_index = 0;
 mlv->pts++;
 }
- return 0;
+ return ret;
 }
 static int read_seek(AVFormatContext *avctx, int stream_index, int64_t timestamp, int flags)
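Review bot: The new `if (!pb)` guard in the first hunk has no comment saying why a slot of `mlv->pb[]` can be NULL, and the lookup on the line above uses the index entry's `size` field as a file number, which is not obvious to a reader. I would add `/* index_entries[].size holds the file number; that file may have been closed after invalid data while its index entries remain */` above the guard. The guard covers a NULL slot only; whether the value stored in `size` is always within the bounds of `mlv->pb[]` cannot be seen from this hunk and is worth confirming where the entries are added. read_packet's body starts and ends outside the hunk.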
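Review bot: The placement of the `next_packet:` label in the second hunk is load-bearing but undocumented: it sits before `mlv->stream_index++`, so the skip path advances the stream and pts counters before returning `FFERROR_REDO`. If the label were moved below the increment, a retry would presumably land on the same dead entry again. A short comment on the label would protect that, for example `/* reached on success and on skip: always advance, so a REDO never retries the same entry */`. The `ret = 0;` just before the label also relies on every earlier failure path returning directly, which cannot be checked here because the middle of read_packet lies between the two hunks.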