diff options
| author | Andreas Rheinhardt <andreas.rheinhardt@gmail.com> | 2019-04-20 00:03:15 +0200 |
|---|---|---|
| committer | Andreas Rheinhardt <andreas.rheinhardt@gmail.com> | 2020-07-03 00:03:45 +0200 |
| commit | a3a2e782c2ab5ccfcd864f476e6c3b7aa03c8dcf (patch) | |
| tree | 2aeb71ae5172c8f1caebb7b87cc86bf40d2cf6ff /libavformat/sccdec.c | |
| parent | d6d41db435b0b86351824cad920580d8461794bc (diff) | |
| download | ffmpeg-a3a2e782c2ab5ccfcd864f476e6c3b7aa03c8dcf.tar.gz | |
lavf/webm_chunk: Fix NULL dereference
The earlier version of the webm_chunk muxer had several bugs:
1. If the first packet of an audio stream didn't have a PTS of zero,
then no chunk will be started before a packet is delivered to the
underlying Matroska/WebM muxer, i.e. the AVFormatContext used to write
these packets had a NULL as AVIOContext for output. This is behind the
crash in ticket #5752.
2. If an error happens during writing a packet, the underlyimg
Matroska/WebM muxer context is freed. This leads to a use-after-free
coupled with a double-free in webm_chunk_write_trailer (which supposes
that the underlying AVFormatContext is still valid).
3. Even when no error occurs at all, webm_chunk_write_trailer is still
buggy: After the underlying Matroska/WebM muxer has written its trailer,
ending the chunk implicitly flushes it again which is illegal at this
point.
These bugs have been fixed.
Fixes #5752.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 8c6ee7626bcce7c270360f33b60dc7ef99939fc3)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Diffstat (limited to 'libavformat/sccdec.c')
0 files changed, 0 insertions, 0 deletions