If there is a 'data' tag, but no 'fmt' tag, it is possible that 'st' got used initilialized.
Based off commit 3dd2c8bbbc725bb596eca879908881d252114243 to FFmpeg by Clément Bœsch. Signed-off-by: Derek Buitenhuis <[email protected]> --- libavformat/wav.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavformat/wav.c b/libavformat/wav.c index c01121f..86ddffc 100644 --- a/libavformat/wav.c +++ b/libavformat/wav.c @@ -387,7 +387,7 @@ static int wav_read_header(AVFormatContext *s) int rf64; uint32_t tag, list_type; AVIOContext *pb = s->pb; - AVStream *st; + AVStream *st = NULL; WAVContext *wav = s->priv_data; int ret, got_fmt = 0; int64_t next_tag_ofs, data_ofs = -1; @@ -493,6 +493,11 @@ break_loop: return AVERROR_INVALIDDATA; } + if (!st) { + av_log(s, AV_LOG_ERROR, "no 'fmt' tag found\n"); + return AVERROR_INVALIDDATA; + } + avio_seek(pb, data_ofs, SEEK_SET); if (!sample_count && st->codec->channels && av_get_bits_per_sample(st->codec->codec_id)) -- 1.7.10.4 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
