Better fix for the NULL pointer dereference from d7f83fc2f423.
Signed-off-by: James Almer <jamr...@gmail.com>
---
libavformat/iamf_parse.c | 9 ++++++---
libavformat/iamfdec.c | 3 ++-
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
index 296e49157b..e431f9a364 100644
--- a/libavformat/iamf_parse.c
+++ b/libavformat/iamf_parse.c
@@ -751,8 +751,8 @@ static int audio_element_obu(void *s, IAMFContext *c,
AVIOContext *pb, int len)
if (ret < 0)
goto fail;
} else {
- unsigned audio_element_config_size = ffio_read_leb(pbc);
- avio_skip(pbc, audio_element_config_size);
+ ret = AVERROR(EAGAIN);
+ goto fail;
}
c->audio_elements[c->nb_audio_elements++] = audio_element;
@@ -764,8 +764,11 @@ static int audio_element_obu(void *s, IAMFContext *c,
AVIOContext *pb, int len)
ret = 0;
fail:
av_free(buf);
- if (ret < 0)
+ if (ret < 0) {
ff_iamf_free_audio_element(&audio_element);
+ if (ret == AVERROR(EAGAIN))
+ ret = 0;
+ }
return ret;
}
diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c
index 2e6608b868..55b9d0f89d 100644
--- a/libavformat/iamfdec.c
+++ b/libavformat/iamfdec.c
@@ -107,7 +107,8 @@ static int iamf_read_header(AVFormatContext *s)
if (ret < 0)
return ret;
- if (!i && !j && audio_element->nb_layers &&
audio_element->layers[0].substream_count == 1)
+ av_assert0(audio_element->layers);
+ if (!i && !j && audio_element->layers[0].substream_count == 1)
st->disposition |= AV_DISPOSITION_DEFAULT;
else
st->disposition |= AV_DISPOSITION_DEPENDENT;
--
2.46.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
