virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-10 06:10:52 +02:00
Code Issues Releases Activity

id3v2: fix NULL pointer dereference

Browse Source 
Bug found by Laurent Aimar fenrir at videolan org
This commit is contained in:
Anton Khirnov
2011-10-07 20:09:56 +02:00
parent 2804d32075
commit c780b543e7
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
libavformat/id3v2.c
View File

@@ -351,7 +351,7 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
AVIOContext *pbx; AVIOContext *pbx;
unsigned char *buffer = NULL; unsigned char *buffer = NULL;
int buffer_size = 0; int buffer_size = 0;
void (*extra_func)(AVFormatContext*, AVIOContext*, int, char*, ID3v2ExtraMeta**) = NULL; const ID3v2EMFunc *extra_func;
switch (version) { switch (version) {
case 2: case 2:
@@ -419,7 +419,7 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
av_log(s, AV_LOG_WARNING, "Skipping encrypted/compressed ID3v2 frame %s.\n", tag); av_log(s, AV_LOG_WARNING, "Skipping encrypted/compressed ID3v2 frame %s.\n", tag);
avio_skip(s->pb, tlen); avio_skip(s->pb, tlen);
/* check for text tag or supported special meta tag */ /* check for text tag or supported special meta tag */
} else if (tag[0] == 'T' || (extra_meta && (extra_func = get_extra_meta_func(tag, isv34)->read))) { } else if (tag[0] == 'T' || (extra_meta && (extra_func = get_extra_meta_func(tag, isv34)))) {
if (unsync || tunsync) { if (unsync || tunsync) {
int i, j; int i, j;
av_fast_malloc(&buffer, &buffer_size, tlen); av_fast_malloc(&buffer, &buffer_size, tlen);
@@ -445,7 +445,7 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
read_ttag(s, pbx, tlen, tag); read_ttag(s, pbx, tlen, tag);
else else
/* parse special meta tag */ /* parse special meta tag */
extra_func(s, pbx, tlen, tag, extra_meta); extra_func->read(s, pbx, tlen, tag, extra_meta);
} }
else if (!tag[0]) { else if (!tag[0]) {
if (tag[1]) if (tag[1])
@@ -508,11 +508,11 @@ void ff_id3v2_read(AVFormatContext *s, const char *magic)
void ff_id3v2_free_extra_meta(ID3v2ExtraMeta **extra_meta) void ff_id3v2_free_extra_meta(ID3v2ExtraMeta **extra_meta)
{ {
ID3v2ExtraMeta *current = *extra_meta, *next; ID3v2ExtraMeta *current = *extra_meta, *next;
void (*free_func)(ID3v2ExtraMeta*); const ID3v2EMFunc *extra_func;
while (current) { while (current) {
if ((free_func = get_extra_meta_func(current->tag, 1)->free)) if ((extra_func = get_extra_meta_func(current->tag, 1)))
free_func(current->data); extra_func->free(current->data);
next = current->next; next = current->next;
av_freep(&current); av_freep(&current);
current = next; current = next;