From 7c9d69360cd29415591816b70e722235a4319e08 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 1 Apr 2012 02:57:27 +0200 Subject: [PATCH] lavc: check media type of the decoder before calling it. This fixes a segfault where a video decoder was called from avcodec_decode_audio*(). Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavcodec/utils.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 9c662c2ba3..e63878d2c7 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1404,6 +1404,11 @@ int attribute_align_arg avcodec_decode_video2(AVCodecContext *avctx, AVFrame *pi // copy to ensure we do not change avpkt AVPacket tmp = *avpkt; + if (avctx->codec->type != AVMEDIA_TYPE_VIDEO) { + av_log(avctx, AV_LOG_ERROR, "Invalid media type for video\n"); + return AVERROR(EINVAL); + } + *got_picture_ptr= 0; if((avctx->coded_width||avctx->coded_height) && av_image_check_size(avctx->coded_width, avctx->coded_height, 0, avctx)) return -1; @@ -1513,6 +1518,10 @@ int attribute_align_arg avcodec_decode_audio4(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "invalid packet: NULL data, size != 0\n"); return AVERROR(EINVAL); } + if (avctx->codec->type != AVMEDIA_TYPE_AUDIO) { + av_log(avctx, AV_LOG_ERROR, "Invalid media type for audio\n"); + return AVERROR(EINVAL); + } if ((avctx->codec->capabilities & CODEC_CAP_DELAY) || avpkt->size) { av_packet_split_side_data(avpkt); @@ -1536,6 +1545,11 @@ int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub, { int ret; + if (avctx->codec->type != AVMEDIA_TYPE_SUBTITLE) { + av_log(avctx, AV_LOG_ERROR, "Invalid media type for subtitles\n"); + return AVERROR(EINVAL); + } + avctx->pkt = avpkt; *got_sub_ptr = 0; avcodec_get_subtitle_defaults(sub);