From c5f15f40b9b25f033fd9e8dd1e12763913098c11 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 13 Dec 2013 01:27:26 +0100 Subject: [PATCH] avformat/rtpdec_h264: fix null pointer dereferences Fixes CID733716 Signed-off-by: Michael Niedermayer --- libavformat/rtpdec_h264.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libavformat/rtpdec_h264.c b/libavformat/rtpdec_h264.c index be657c0ccc..8b9300e08c 100644 --- a/libavformat/rtpdec_h264.c +++ b/libavformat/rtpdec_h264.c @@ -190,7 +190,8 @@ static int h264_handle_packet(AVFormatContext *ctx, PayloadContext *data, switch (type) { case 0: // undefined, but pass them through case 1: - av_new_packet(pkt, len + sizeof(start_sequence)); + if ((result = av_new_packet(pkt, len + sizeof(start_sequence))) < 0) + return result; memcpy(pkt->data, start_sequence, sizeof(start_sequence)); memcpy(pkt->data + sizeof(start_sequence), buf, len); COUNT_NAL_TYPE(data, nal); @@ -292,12 +293,14 @@ static int h264_handle_packet(AVFormatContext *ctx, PayloadContext *data, COUNT_NAL_TYPE(data, nal_type); if (start_bit) { /* copy in the start sequence, and the reconstructed nal */ - av_new_packet(pkt, sizeof(start_sequence) + sizeof(nal) + len); + if ((result = av_new_packet(pkt, sizeof(start_sequence) + sizeof(nal) + len)) < 0) + return result; memcpy(pkt->data, start_sequence, sizeof(start_sequence)); pkt->data[sizeof(start_sequence)] = reconstructed_nal; memcpy(pkt->data + sizeof(start_sequence) + sizeof(nal), buf, len); } else { - av_new_packet(pkt, len); + if ((result = av_new_packet(pkt, len)) < 0) + return result; memcpy(pkt->data, buf, len); } } else {