rockcarry / ffjpeg

a simple jpeg codec.
GNU General Public License v3.0

SegmentFault in jfif_encode at jfif.c:842 #14

Closed sleicasper closed 4 years ago

sleicasper commented 4 years ago

Run ffjpeg -e poc.bmp on Linux.

Result in gdb:

Stopped reason: SIGSEGV
0x0000000000401968 in bitstr_tell (stream=0x0) at bitstr.c:221
221     int type = *(int*)stream;
gdb-peda$

stream is a pointer which is NULL in this case. Dereferencing a null pointer causes a segmentation fault.

Fix:

long bitstr_tell(void *stream)
{
    /* reject a NULL stream before reading its type tag */
    if( stream == NULL ){
        return EOF;
    }
    int type = *(int*)stream;
    switch (type) {
    case BITSTR_MEM : return mbitstr_tell(stream);
    case BITSTR_FILE: return fbitstr_tell(stream);
    }
    return EOF;
}

poc.zip
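The crash above is the generic pattern of a type-tagged dispatcher: every stream kind starts with an int tag, bitstr_tell reads that tag through a void*, and a stream that was never opened is NULL, so the first read faults. The following is an added, self-contained illustration of that pattern with the NULL guard in place; it is not ffjpeg's code. The struct layouts, the mbitstr_open/bitstr_getb/bitstr_close helpers and the position_after function are assumptions made for this example. The guard turns the crash into an EOF return, which the caller still has to check; the example shows that the same NULL value flows through every generic entry point, not only tell.

```c
/* Added example, not ffjpeg's code: a minimal type-tagged bit stream whose
 * generic entry points refuse a NULL stream instead of reading its type tag.
 * Struct layouts and helper names below are assumptions for this illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BITSTR_MEM  1
#define BITSTR_FILE 2

/* Each stream kind starts with an int tag, so a void* is dispatched by reading
 * its first int; that read is exactly what faults when the pointer is NULL. */
typedef struct {
    int            type;
    unsigned char *buf;
    long           size;     /* bytes in buf */
    long           bytepos;  /* next byte to read */
    int            bitpos;   /* bits already consumed in buf[bytepos], 0..7 */
} mbitstr_t;

typedef struct { int type; FILE *fp; } fbitstr_t;

/* Open a memory-backed stream over a private copy of data.
 * Returns NULL on failure; callers must check that before using the stream. */
void *mbitstr_open(const unsigned char *data, long size)
{
    if (!data || size <= 0) return NULL;
    mbitstr_t *s = calloc(1, sizeof(*s));
    if (!s) return NULL;
    s->buf = malloc((size_t)size);
    if (!s->buf) { free(s); return NULL; }
    memcpy(s->buf, data, (size_t)size);
    s->type = BITSTR_MEM;
    s->size = size;
    return s;
}

static int mbitstr_getb(mbitstr_t *s)
{
    if (s->bytepos >= s->size) return EOF;
    int bit = (s->buf[s->bytepos] >> (7 - s->bitpos)) & 1;
    if (++s->bitpos == 8) { s->bitpos = 0; s->bytepos++; }
    return bit;
}

static long mbitstr_tell(mbitstr_t *s) { return s->bytepos * 8 + s->bitpos; }

static long fbitstr_tell(fbitstr_t *s)
{
    long pos = s->fp ? ftell(s->fp) : -1L;
    return pos < 0 ? EOF : pos * 8;   /* bit position, like the memory stream */
}

/* Generic dispatchers: the NULL check precedes the type-tag read, so a stream
 * that was never opened yields EOF instead of a SIGSEGV. */
long bitstr_tell(void *stream)
{
    if (stream == NULL) return EOF;
    int type = *(int *)stream;
    switch (type) {
    case BITSTR_MEM:  return mbitstr_tell(stream);
    case BITSTR_FILE: return fbitstr_tell(stream);
    }
    return EOF;                       /* unknown tag: refuse rather than guess */
}

int bitstr_getb(void *stream)
{
    if (stream == NULL) return EOF;
    if (*(int *)stream == BITSTR_MEM) return mbitstr_getb(stream);
    return EOF;                       /* file reads are not needed for this demo */
}

void bitstr_close(void *stream)
{
    if (stream == NULL) return;
    if (*(int *)stream == BITSTR_MEM) free(((mbitstr_t *)stream)->buf);
    free(stream);
}

/* Consume nbits from a memory stream and report the bit position afterwards,
 * or EOF when the stream could not be opened. This mirrors the failing call
 * shape: tell is reached whether or not open succeeded. */
long position_after(const unsigned char *data, long size, int nbits)
{
    void *s = mbitstr_open(data, size);      /* may be NULL */
    for (int i = 0; i < nbits; i++)
        if (bitstr_getb(s) == EOF) break;    /* safe even when s is NULL */
    long pos = bitstr_tell(s);               /* EOF rather than a crash on NULL */
    bitstr_close(s);
    return pos;
}

int main(void)
{
    const unsigned char sample[2] = { 0xA5, 0x3C };                  /* constructed input */
    printf("after 5 bits:    %ld\n", position_after(sample, 2, 5));  /* 5 */
    printf("after 20 bits:   %ld\n", position_after(sample, 2, 20)); /* 16, stops at end of data */
    printf("unopened stream: %ld\n", position_after(NULL, 0, 5));    /* -1 (EOF) */
    return 0;
}
```

The third call is the issue's situation: the open step produced no stream, yet the code went on to ask its position. With the guard the call reports EOF; without it the type-tag read in bitstr_tell faults exactly as in the gdb output above.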

rockcarry commented 4 years ago

A new commit has been pushed for this issue, please check and test.