[libav-devel] [PATCH 7/7] [RFC] rtpenc: Avoid a NULL pointer access

Martin Storsjö martin at martin.st
Wed Jun 3 20:00:44 CEST 2015


On Wed, 3 Jun 2015, Martin Storsjö wrote:

> On Wed, 3 Jun 2015, Vittorio Giovara wrote:
>
>> CC: libav-stable at libav.org
>> Bug-Id: CID 1035715
>> ---
>> libavformat/rtpenc.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>> 
>> diff --git a/libavformat/rtpenc.c b/libavformat/rtpenc.c
>> index 6158934..55a3820 100644
>> --- a/libavformat/rtpenc.c
>> +++ b/libavformat/rtpenc.c
>> @@ -558,6 +558,10 @@ static int rtp_write_packet(AVFormatContext *s1, 
>> AVPacket *pkt)
>>             const uint8_t *mb_info =
>>                 av_packet_get_side_data(pkt, AV_PKT_DATA_H263_MB_INFO,
>>                                         &mb_info_size);
>> +            if (!mb_info) {
>> +                av_log(s1, AV_LOG_WARNING, "rfc2190 set but no mb 
>> info\n");
>> +                break;
>> +            }
>>             ff_rtp_send_h263_rfc2190(s1, pkt->data, size, mb_info, 
>> mb_info_size);
>>             break;
>>         }
>> -- 
>> 1.9.5 (Apple Git-50.3)
>
> No.

This is also a great case why the commit message should include more info 
than just "CID 1035715". This one sure is better than patch 2/7 which 
doesn't even explain what potentially bad thing it tries to fix, but here 
it is also missing an explanation on how a NULL pointer could be 
dereferenced. If you'd try to explain that, you'd realize it can't.

// Martin


More information about the libav-devel mailing list