Hi,

On Mon, May 8, 2017 at 3:08 PM, Zubin Mevawalla <zubinm...@qbitlogic.com> wrote:
> If `bufptr` is NULL, and `len` >= 12, then `buf` is initialized to NULL
> and dereferenced on line 796.
>
> diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c > --- a/libavformat/rtpdec.c > +++ b/libavformat/rtpdec.c > @@ -793,8 +793,10 @@ static int rtp_parse_one_packet(RTPDemuxContext > *s, AVPacket *pkt, > if (len < 12) > return -1; > > - if ((buf[0] & 0xc0) != (RTP_VERSION << 6))
>

In callers, we're assuming that (rtsp.c line 2158/2160) if len > 0, bufptr != NULL and thus buf != NULL. Likewise, len == 0 implies that bufptr == NULL and thus buf == NULL.

Ronald
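
Review bot: The quoted hunk stops at the removed `if ((buf[0] & 0xc0) != (RTP_VERSION << 6))` line, so the added lines implied by the `@@ -793,8 +793,10 @@` header are not visible here; whatever replaces that line has to keep the RTP version comparison and test `buf` for NULL before `buf[0]` is read, for instance alongside the existing `if (len < 12) return -1;`. If the precondition given in the reply holds at the rtsp.c call sites (len > 0 implies bufptr != NULL), a comment stating it at the top of `rtp_parse_one_packet` would make that assumption visible in rtpdec.c itself, so a future caller that breaks it is easier to spot.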