From 6326afd5e90cfed9df08b652a1cd6f6a948c239a Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Fri, 23 Sep 2011 21:54:44 -0400 Subject: [PATCH] avcodec: reject audio packets with NULL data and non-zero size There is no valid reason the user should ever send such packets in the first place, but the documentation for CODEC_CAP_DELAY states that the codec is guaranteed not to get a NULL packet unless that capability is set. That isn't true without preventing this case. --- libavcodec/utils.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 8459e5f870..b598942354 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -747,6 +747,11 @@ int attribute_align_arg avcodec_decode_audio3(AVCodecContext *avctx, int16_t *sa avctx->pkt = avpkt; + if (!avpkt->data && avpkt->size) { + av_log(avctx, AV_LOG_ERROR, "invalid packet: NULL data, size != 0\n"); + return AVERROR(EINVAL); + } + if((avctx->codec->capabilities & CODEC_CAP_DELAY) || avpkt->size){ //FIXME remove the check below _after_ ensuring that all audio check that the available space is enough if(*frame_size_ptr < AVCODEC_MAX_AUDIO_FRAME_SIZE){