From: Chris Evans <[email protected]> Specifically crafted samples can reinit ogg->streams[] while reading samples, and thus we should not cache old pointers since these may no longer be valid.
Signed-off-by: Ronald S. Bultje <[email protected]> --- libavformat/oggdec.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 998a33b..e85afaf 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -311,6 +311,7 @@ static int ogg_packet(AVFormatContext *s, int *str, int *dstart, int *dsize, int complete = 0; int segp = 0, psize = 0; + *str = -1; av_dlog(s, "ogg_packet: curidx=%i\n", ogg->curidx); do{ @@ -586,7 +587,6 @@ static int64_t ogg_read_timestamp(AVFormatContext *s, int stream_index, int64_t *pos_arg, int64_t pos_limit) { struct ogg *ogg = s->priv_data; - struct ogg_stream *os = ogg->streams + stream_index; AVIOContext *bc = s->pb; int64_t pts = AV_NOPTS_VALUE; int i; @@ -595,6 +595,7 @@ static int64_t ogg_read_timestamp(AVFormatContext *s, int stream_index, while (avio_tell(bc) < pos_limit && !ogg_packet(s, &i, NULL, NULL, pos_arg)) { if (i == stream_index) { + struct ogg_stream *os = ogg->streams + stream_index; pts = ogg_calc_pts(s, i, NULL); if (os->keyframe_seek && !(os->pflags & AV_PKT_FLAG_KEY)) pts = AV_NOPTS_VALUE; @@ -620,6 +621,7 @@ static int ogg_read_seek(AVFormatContext *s, int stream_index, os->keyframe_seek = 1; ret = av_seek_frame_binary(s, stream_index, timestamp, flags); + os = ogg->streams + stream_index; if (ret < 0) os->keyframe_seek = 0; return ret; -- 1.7.2.1 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
