mirror of https://git.ffmpeg.org/ffmpeg.git
avfilter/vf_showinfo: check sd->size before reference the sd->data
Or it'll cause null pointer dereference if size < sizeof(uint32_t), also in case tc[0] > 3, the code will report error directly. Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
This commit is contained in:
parent
1dee8bf909
commit
3ede8acba6
|
@ -365,15 +365,15 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *frame)
|
||||||
break;
|
break;
|
||||||
case AV_FRAME_DATA_S12M_TIMECODE: {
|
case AV_FRAME_DATA_S12M_TIMECODE: {
|
||||||
uint32_t *tc = (uint32_t*)sd->data;
|
uint32_t *tc = (uint32_t*)sd->data;
|
||||||
int m = FFMIN(tc[0],3);
|
|
||||||
if (sd->size != 16) {
|
if ((sd->size != sizeof(uint32_t) * 4) || (tc[0] > 3)) {
|
||||||
av_log(ctx, AV_LOG_ERROR, "invalid data\n");
|
av_log(ctx, AV_LOG_ERROR, "invalid data\n");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
for (int j = 1; j <= m; j++) {
|
for (int j = 1; j <= tc[0]; j++) {
|
||||||
char tcbuf[AV_TIMECODE_STR_SIZE];
|
char tcbuf[AV_TIMECODE_STR_SIZE];
|
||||||
av_timecode_make_smpte_tc_string(tcbuf, tc[j], 0);
|
av_timecode_make_smpte_tc_string(tcbuf, tc[j], 0);
|
||||||
av_log(ctx, AV_LOG_INFO, "timecode - %s%s", tcbuf, j != m ? ", " : "");
|
av_log(ctx, AV_LOG_INFO, "timecode - %s%s", tcbuf, j != tc[0] ? ", " : "");
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue