From d3cfd7aff86ee3d449ca68aba21d67b9b2136a9b Mon Sep 17 00:00:00 2001
From: Andrew Kelley
Date: Sat, 5 Jul 2014 22:24:43 -0700
Subject: [PATCH] af_compand: make sure request_frame always outputs at least one frame
This fixes a segmentation fault because request_frame in fifo.c assumes that the call to ff_request_frame will populate fifo->root.next. Before, it was possible for request_frame in af_compand to not do this, resulting in a null pointer access. Now, request_frame in af_compand always will return at least one frame or an error, as per the API specifications in avfilter.h for request_frame.
Signed-off-by: Anton Khirnov
---
 libavfilter/af_compand.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/libavfilter/af_compand.c b/libavfilter/af_compand.c
index a6692bc37f..f21c861e06 100644
--- a/libavfilter/af_compand.c
+++ b/libavfilter/af_compand.c
@@ -71,6 +71,8 @@ typedef struct CompandContext {
 int64_t pts;
 int (*compand)(AVFilterContext *ctx, AVFrame *frame);
+ /* set by filter_frame() to signal an output frame to request_frame() */
+ int got_output;
 } CompandContext;
 #define OFFSET(x) offsetof(CompandContext, x)
@@ -287,7 +289,15 @@ static int compand_delay(AVFilterContext *ctx, AVFrame *frame)
 s->delay_index = dindex;
 av_frame_free(&frame);
- return out_frame ? ff_filter_frame(ctx->outputs[0], out_frame) : 0;
+
+ if (out_frame) {
+ err = ff_filter_frame(ctx->outputs[0], out_frame);
+ if (err >= 0)
+ s->got_output = 1;
+ return err;
+ }
+
+ return 0;
 }
 static int compand_drain(AVFilterLink *outlink)
@@ -559,9 +569,11 @@ static int request_frame(AVFilterLink *outlink)
 {
 AVFilterContext *ctx = outlink->src;
 CompandContext *s = ctx->priv;
- int ret;
+ int ret = 0;
- ret = ff_request_frame(ctx->inputs[0]);
+ s->got_output = 0;
+ while (ret >= 0 && !s->got_output)
+ ret = ff_request_frame(ctx->inputs[0]);
 if (ret == AVERROR_EOF && s->delay_count)
 ret = compand_drain(outlink);
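Review bot: The comment on `got_output` in the CompandContext hunk names filter_frame() as the writer, but the only place this patch sets the flag to 1 is compand_delay(), which is presumably reached through the `compand` function pointer declared just above the new field. A wording that matches the visible code would be `/* set by the s->compand callback after a successful ff_filter_frame(); cleared and polled by request_frame() */`. The struct definition starts outside the hunk.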
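Review bot: In the compand_delay() hunk, `s->got_output = 1` is set only in this one callback, while request_frame() (last hunk) now loops until the flag is set or an error arrives. If any other function is installed in `s->compand` and passes frames to ff_filter_frame() without setting the flag (none is touched by this patch), the loop would keep calling ff_request_frame() until EOF or an error, pulling the whole input within a single request. Consider setting the flag in every callback that outputs a frame, or once in the common caller. compand_delay() begins outside the hunk, so the declaration of `err` cannot be checked from here.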
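Review bot: The new loop in request_frame() carries no comment stating the contract it enforces; something like `/* request_frame() must output a frame or return an error (avfilter.h): keep pulling input until one is emitted */` above the `while` would make the intent clear. On the EOF path the guarantee also depends on compand_drain(), whose body is outside this diff, actually emitting a frame when `s->delay_count` is non-zero. Per the commit message the crash was a NULL dereference of `fifo->root.next` in fifo.c; this patch does not touch that consumer, which still trusts every upstream filter, so a NULL check there would be worthwhile defence in depth. The function continues past the end of the hunk.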