ffmpeg | branch: release/5.1 | Michael Niedermayer <[email protected]> | 
Sun Jul 23 20:03:01 2023 +0200| [c09250be43d823621646ba9e984f478a028c2b2f] | 
committer: Michael Niedermayer

avformat/imf_cpl: xmlNodeListGetString() can return NULL

Fixes: NULL pointer dereference
Fixes: 
60166/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5998301577871360

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Pierre-Anthony Lemieux <[email protected]>
Signed-off-by: Michael Niedermayer <[email protected]>
(cherry picked from commit 509ce40f188734ec74078ebdd8d71f80116d9eaf)
Signed-off-by: Michael Niedermayer <[email protected]>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c09250be43d823621646ba9e984f478a028c2b2f
---

 libavformat/imf_cpl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavformat/imf_cpl.c b/libavformat/imf_cpl.c
index f2c6b6f064..a688a44711 100644
--- a/libavformat/imf_cpl.c
+++ b/libavformat/imf_cpl.c
@@ -76,6 +76,8 @@ int ff_imf_xml_read_uuid(xmlNodePtr element, AVUUID uuid)
     int ret = 0;
 
     element_text = xmlNodeListGetString(element->doc, 
element->xmlChildrenNode, 1);
+    if (!element_text)
+        return AVERROR_INVALIDDATA;
     ret = av_uuid_urn_parse(element_text, uuid);
     if (ret) {
         av_log(NULL, AV_LOG_ERROR, "Invalid UUID\n");
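Review bot: The new NULL branch in ff_imf_xml_read_uuid returns without logging, while the other two hunks in this commit send a NULL string through the existing error path that prints a message. An element with no text content therefore fails silently here, whereas a malformed UUID is reported, which makes a rejected CPL harder to diagnose. I would log on this path too: `if (!element_text) { av_log(NULL, AV_LOG_ERROR, "Invalid UUID\n"); return AVERROR_INVALIDDATA; }`. The function body continues past the hunk, so the cleanup of element_text is not visible; returning early with a NULL pointer leaves nothing to free.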
@@ -92,7 +94,7 @@ int ff_imf_xml_read_rational(xmlNodePtr element, AVRational 
*rational)
     int ret = 0;
 
     element_text = xmlNodeListGetString(element->doc, 
element->xmlChildrenNode, 1);
-    if (sscanf(element_text, "%i %i", &rational->num, &rational->den) != 2) {
+    if (element_text == NULL || sscanf(element_text, "%i %i", &rational->num, 
&rational->den) != 2) {
         av_log(NULL, AV_LOG_ERROR, "Invalid rational number\n");
         ret = AVERROR_INVALIDDATA;
     }
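Review bot: The values parsed by `sscanf(element_text, "%i %i", ...)` in ff_imf_xml_read_rational are accepted without a range check, so a zero or negative denominator from the XML is returned as success. `%i` also accepts octal and hexadecimal prefixes, and input too large for an int is undefined behaviour for the scanf family. If no caller needs such values, reject them here, e.g. `if (!ret && rational->den <= 0) ret = AVERROR_INVALIDDATA;` after the existing block. Whether callers already validate the result is not visible in this hunk, and the function continues beyond it.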
@@ -107,7 +109,7 @@ int ff_imf_xml_read_uint32(xmlNodePtr element, uint32_t 
*number)
     int ret = 0;
 
     element_text = xmlNodeListGetString(element->doc, 
element->xmlChildrenNode, 1);
-    if (sscanf(element_text, "%" PRIu32, number) != 1) {
+    if (element_text == NULL || sscanf(element_text, "%" PRIu32, number) != 1) 
{
         av_log(NULL, AV_LOG_ERROR, "Invalid unsigned 32-bit integer");
         ret = AVERROR_INVALIDDATA;
     }
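Review bot: The changed `sscanf` line in ff_imf_xml_read_uint32 uses the printf macro `PRIu32` as a scanf conversion; the matching macro is `SCNu32`, i.e. `sscanf(element_text, "%" SCNu32, number)`. The unsigned conversion also accepts a leading minus sign, so text such as "-1" is stored as 4294967295 instead of being rejected, and out-of-range input is undefined for scanf. A `strtoul` parse with an `errno` and end-pointer check plus a sign test would close both gaps, assuming the needed headers are available in this file. The error message on the following line lacks the trailing newline that the other two messages have: `"Invalid unsigned 32-bit integer\n"`. The function continues beyond the hunk.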
