From 9aee574dd0926c12425fa62b4b3f03fa7ba6ce25 Mon Sep 17 00:00:00 2001
From: Colin NG <colin_ng@hotmail.com>
Date: Thu, 24 May 2018 11:09:20 +0800
Subject: avformat/dashdec: Fix for ticket 7149 (Segfault when decoding dash
 streams)

Add NULL pointer check for init_section
---
 libavformat/dashdec.c | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

(limited to 'libavformat')

diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c
index 42202e0011..c6f350d830 100644
--- a/libavformat/dashdec.c
+++ b/libavformat/dashdec.c
@@ -1877,25 +1877,40 @@ fail:
 
 static int init_section_compare_video(DASHContext *c)
 {
+    char *url =NULL;
+    int64_t url_offset = -1;
+    int64_t size = -1;
     int i = 0;
-    char *url = c->videos[0]->init_section->url;
-    int64_t url_offset = c->videos[0]->init_section->url_offset;
-    int64_t size = c->videos[0]->init_section->size;
+
+    if (c->videos[0]->init_section == NULL)
+        return 0;
+
+    url = c->videos[0]->init_section->url;
+    url_offset = c->videos[0]->init_section->url_offset;
+    size = c->videos[0]->init_section->size;
     for (i=0;i<c->n_videos;i++) {
         if (av_strcasecmp(c->videos[i]->init_section->url,url) || c->videos[i]->init_section->url_offset != url_offset || c->videos[i]->init_section->size != size) {
             return 0;
         }
     }
+
     return 1;
 }
 
 static int init_section_compare_audio(DASHContext *c)
 {
+    char *url =NULL;
+    int64_t url_offset = -1;
+    int64_t size = -1;
     int i = 0;
-    char *url = c->audios[0]->init_section->url;
-    int64_t url_offset = c->audios[0]->init_section->url_offset;
-    int64_t size = c->audios[0]->init_section->size;
-    for (i=0;i<c->n_audios;i++) {
+
+    if (c->audios[0]->init_section == NULL)
+        return 0;
+
+    url = c->audios[0]->init_section->url;
+    url_offset = c->audios[0]->init_section->url_offset;
+    size = c->audios[0]->init_section->size;
+    for (i=0; i<c->n_audios; i++) {
         if (av_strcasecmp(c->audios[i]->init_section->url,url) || c->audios[i]->init_section->url_offset != url_offset || c->audios[i]->init_section->size != size) {
             return 0;
         }
@@ -1960,6 +1975,7 @@ static int dash_read_header(AVFormatContext *s)
         ++stream_index;
     }
 
+
     if (c->n_audios) {
         c->is_init_section_common_audio = init_section_compare_audio(c);
     }
-- 
cgit v1.2.3