diff options
| author | Andreas Rheinhardt <andreas.rheinhardt@gmail.com> | 2019-04-20 00:03:15 +0200 |
|---|---|---|
| committer | Andreas Rheinhardt <andreas.rheinhardt@gmail.com> | 2020-07-01 22:10:02 +0200 |
| commit | 458d0dea90c8e9756658d5931463421fc6974fc6 (patch) | |
| tree | c6ac9b694e4c7592bf7c0d97ed575fad9cbefe58 /libavutil/tests/parseutils.c | |
| parent | 8d90a8cb37c1ec2596d6b2e0cdfeb0975b87bfee (diff) | |
| download | ffmpeg-458d0dea90c8e9756658d5931463421fc6974fc6.tar.gz | |
lavf/webm_chunk: Fix NULL dereference
The earlier version of the webm_chunk muxer had several bugs:
1. If the first packet of an audio stream didn't have a PTS of zero,
then no chunk will be started before a packet is delivered to the
underlying Matroska/WebM muxer, i.e. the AVFormatContext used to write
these packets had a NULL as AVIOContext for output. This is behind the
crash in ticket #5752.
2. If an error happens during writing a packet, the underlyimg
Matroska/WebM muxer context is freed. This leads to a use-after-free
coupled with a double-free in webm_chunk_write_trailer (which supposes
that the underlying AVFormatContext is still valid).
3. Even when no error occurs at all, webm_chunk_write_trailer is still
buggy: After the underlying Matroska/WebM muxer has written its trailer,
ending the chunk implicitly flushes it again which is illegal at this
point.
These bugs have been fixed.
Fixes #5752.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 8c6ee7626bcce7c270360f33b60dc7ef99939fc3)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Diffstat (limited to 'libavutil/tests/parseutils.c')
0 files changed, 0 insertions, 0 deletions