#7993 closed defect (fixed)
null pointer passed as argument at libavformat/aviobuf.c:227
| Reported by: | Suhwan | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avformat |
| Version: | git-master | Keywords: | mxf ubsan |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
Summary of the bug:
There's null pointer passed as argument at libavformat/aviobuf.c:227.
How to reproduce:
% ffmpeg_g -y -i tmp.vob -map 0 -c:v prores_ks -c:v:122 fits -disposition:a:39 h261 -disposition:a:114 wmv1 -vframes 17 -b:v 587 -strict 1 tmp_.mxf ffmpeg version : N-94163-g664a27ea40 built with clang version 9.0.0
Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.
Attachments (2)
Change History (6)
by , 4 years ago
| Attachment: | gdb_log_7993 added |
|---|
by , 4 years ago
comment:1 by , 4 years ago
comment:2 by , 2 years ago
| Component: | undetermined → avformat |
|---|---|
| Keywords: | avformat removed |
| Priority: | normal → important |
| Reproduced by developer: | set |
| Status: | new → open |
comment:3 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
Fixed in 5400e4a50c61e53e1bc50b3e77201649bbe9c510.
comment:4 by , 2 years ago
| Keywords: | mxf added |
|---|
Note:
See TracTickets
for help on using tickets.



libavformat/aviobuf.c
maybe buf pointer is null.
memcpy(s->buf_ptr, buf, len);218 void avio_write(AVIOContext *s, const unsigned char *buf, int size) 219 { 220 if (s->direct && !s->update_checksum) { 221 avio_flush(s); 222 writeout(s, buf, size); 223 return; 224 } 225 while (size > 0) { 226 int len = FFMIN(s->buf_end - s->buf_ptr, size); 227 memcpy(s->buf_ptr, buf, len); 228 s->buf_ptr += len; 229 230 if (s->buf_ptr >= s->buf_end) 231 flush_buffer(s); 232 233 buf += len; 234 size -= len; 235 } 236 }