On Fri, 6 Apr 2012, Ronald S. Bultje wrote:
Hi,On Fri, Apr 6, 2012 at 3:00 PM, Martin Storsjö <[email protected]> wrote:This avoids exposing a dummy AVStream which won't get any data and which will make avformat_find_stream_info wait for info about this stream. --- libavformat/rtpdec.c | 2 +- libavformat/rtpdec_asf.c | 2 ++ libavformat/rtsp.c | 22 +++++++++++++++------- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c index 61653f7..41e6eb4 100644 --- a/libavformat/rtpdec.c +++ b/libavformat/rtpdec.c @@ -385,7 +385,7 @@ RTPDemuxContext *ff_rtp_parse_open(AVFormatContext *s1, AVStream *st, URLContext av_free(s); return NULL; } - } else { + } else if (st) { switch(st->codec->codec_id) { case CODEC_ID_MPEG1VIDEO: case CODEC_ID_MPEG2VIDEO: diff --git a/libavformat/rtpdec_asf.c b/libavformat/rtpdec_asf.c index c1690ef..bbb7609 100644 --- a/libavformat/rtpdec_asf.c +++ b/libavformat/rtpdec_asf.c @@ -130,6 +130,8 @@ int ff_wms_parse_sdp_a_line(AVFormatContext *s, const char *p) static int asfrtp_parse_sdp_line(AVFormatContext *s, int stream_index, PayloadContext *asf, const char *line) { + if (stream_index < 0) + return 0;A malicious server could send a corrupt stream identifying as Xiph, or AMR, or so, and these also have parse_sdp_line functions. Do they need similar checks?
I guess they do, I'll send a new patch later. // Martin
_______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
