[vlc-commits] demux: avi: fix null deref

[Francois Cartegnie]

vlc/vlc-2.2 | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Thu Nov 23 00:21:49 2017 +0100| [ea1824e0e3bcf82fa4a46680a908af5ef8f3cdd7] | committer: Francois Cartegnie

demux: avi: fix null deref

b50e8f4388696aa1698fd7c3846b5d7962e5ca02 backport

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=ea1824e0e3bcf82fa4a46680a908af5ef8f3cdd7
---

 modules/demux/avi/avi.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/modules/demux/avi/avi.c b/modules/demux/avi/avi.c
index c661c3ab8a..c4c2409b0b 100644
--- a/modules/demux/avi/avi.c
+++ b/modules/demux/avi/avi.c
@@ -324,7 +324,7 @@ static int Open( vlc_object_t * p_this )
             avi_chunk_list_t *p_sysx;
 
             p_sysx = AVI_ChunkFind( &p_sys->ck_root, AVIFOURCC_RIFF, i, true );
-            if( p_sysx->i_type == AVIFOURCC_AVIX )
+            if( p_sysx && p_sysx->i_type == AVIFOURCC_AVIX )
             {
                 msg_Warn( p_demux, "detected OpenDML file" );
                 p_sys->b_odml = true;
@@ -777,7 +777,7 @@ aviindex:
         p_strl = AVI_ChunkFind( p_hdrl, AVIFOURCC_strl, i, true );
         p_auds = AVI_ChunkFind( p_strl, AVIFOURCC_strf, 0, false );
 
-        if( p_auds->p_wf->wFormatTag != WAVE_FORMAT_PCM &&
+        if( p_auds && p_auds->p_wf->wFormatTag != WAVE_FORMAT_PCM &&
             (unsigned int)tk->i_rate == p_auds->p_wf->nSamplesPerSec )
         {
             int64_t i_track_length =
@@ -2311,6 +2311,8 @@ static int AVI_IndexFind_idx1( demux_t *p_demux,
      * has unused chunk at the beginning of the movi content.
      */
     avi_chunk_list_t *p_movi = AVI_ChunkFind( p_riff, AVIFOURCC_movi, 0, true );
+    if( !p_movi )
+        return VLC_EGENERIC;
     uint64_t i_first_pos = UINT64_MAX;
     for( unsigned i = 0; i < __MIN( p_idx1->i_entry_count, 100 ); i++ )
     {
@@ -2620,7 +2622,7 @@ static void AVI_IndexCreate( demux_t *p_demux )
                                             AVIFOURCC_RIFF, 1, true );
 
                     msg_Dbg( p_demux, "looking for new RIFF chunk" );
-                    if( stream_Seek( p_demux->s, p_sysx->i_chunk_pos + 24 ) )
+                    if( !p_sysx || stream_Seek( p_demux->s, p_sysx->i_chunk_pos + 24 ) )
                         goto print_stat;
                     break;
                 }