diff options
author | wm4 <wm4@nowhere> | 2019-09-19 17:40:26 +0200 |
---|---|---|
committer | wm4 <wm4@nowhere> | 2019-09-19 20:37:05 +0200 |
commit | 389f1b0ef3ebdc05d7eee31f3f8598567d3f5165 (patch) | |
tree | 199480893d17640cc1ebf246ba257e55996376a9 | |
parent | 9a7a6958cac2174e1e9e9d61db6d8e295086aae2 (diff) | |
download | mpv-389f1b0ef3ebdc05d7eee31f3f8598567d3f5165.tar.bz2 mpv-389f1b0ef3ebdc05d7eee31f3f8598567d3f5165.tar.xz |
packet: fix theoretical UB if called on "empty" packets
In theory, a 0 size allocation could have made it memset() on a NULL
pointer (with a non-0 size, which makes it crash in addition to
theoretical UB).
This should never happen, since even packets with size 0 should have an
associated allocation, as FFmpeg currently does. But avoiding this makes
the API slightly more orthogonal and less tricky, I guess.
-rw-r--r-- | demux/packet.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/demux/packet.c b/demux/packet.c index fba9232c19..de47c28dbc 100644 --- a/demux/packet.c +++ b/demux/packet.c @@ -124,8 +124,10 @@ struct demux_packet *new_demux_packet(size_t len) void demux_packet_shorten(struct demux_packet *dp, size_t len) { assert(len <= dp->len); - dp->len = len; - memset(dp->buffer + dp->len, 0, AV_INPUT_BUFFER_PADDING_SIZE); + if (dp->len) { + dp->len = len; + memset(dp->buffer + dp->len, 0, AV_INPUT_BUFFER_PADDING_SIZE); + } } void free_demux_packet(struct demux_packet *dp) |