PR #23299 opened by yangzao URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23299 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23299.patch
Hi, I found that read_frame_internal() and avformat_find_stream_info() treat all non-EAGAIN errors from ff_read_packet() as EOF conditions. This hides ENOMEM errors from packet allocations and allows avformat_find_stream_info() to return success if enough stream parameters have been found. So, the caller continues execution after a fatal allocation failure, which leads to a null-ptr dereference. This patch adds direct checks for ENOMEM, so allocation failures remain fatal. >From 97a807b4f939e2ea23a7297d9e94a00f6f7cf1b0 Mon Sep 17 00:00:00 2001 From: yangzao <[email protected]> Date: Sun, 31 May 2026 20:54:12 -0600 Subject: [PATCH] avformat/demux: propagate ENOMEM from packet reads read_frame_internal() treats non-EAGAIN errors from ff_read_packet() as EOF conditions. This hides ENOMEM errors from packet allocations and allow avformat_find_stream_info() to continue. Return ENOMEM directly so allocation failures remain fatal. Signed-off-by: yangzao <[email protected]> --- libavformat/demux.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/demux.c b/libavformat/demux.c index 55085210de..137947b7a4 100644 --- a/libavformat/demux.c +++ b/libavformat/demux.c @@ -1401,6 +1401,8 @@ static int read_frame_internal(AVFormatContext *s, AVPacket *pkt) if (ret < 0) { if (ret == AVERROR(EAGAIN)) return ret; + if (ret == AVERROR(ENOMEM)) + return ret; /* flush the parsers */ for (unsigned i = 0; i < s->nb_streams; i++) { AVStream *const st = s->streams[i]; @@ -2800,6 +2802,8 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) ret = read_frame_internal(ic, pkt1); if (ret == AVERROR(EAGAIN)) continue; + if (ret == AVERROR(ENOMEM)) + goto find_stream_info_err; if (ret < 0) { /* EOF or error*/ -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
