[vlc-commits] [Git][videolan/vlc][master] demux: mp4: fix potential null-dereference

[Steve Lhomme (@robUx4)]

Steve Lhomme pushed to branch master at VideoLAN / VLC


Commits:
f817aa14 by David Korczynski at 2026-04-25T10:51:42+00:00
demux: mp4: fix potential null-dereference

Bug: MP4_SampleToGroupInfo returns "found" without setting the output
*pp_descentry when no sgpd box exists, so the caller dereferences an
uninitialized pointer.

Fix: Initialize *pp_descentry = NULL and return NULL when the
description lookup fails, so a truthy return guarantees a valid
description pointer.

Addresses: https://code.videolan.org/videolan/vlc/-/issues/29743

Signed-off-by: David Korczynski <david at adalogics.com>

- - - - -


1 changed file:

- modules/demux/mp4/mp4.c


Changes:

=====================================
modules/demux/mp4/mp4.c
=====================================
@@ -437,6 +437,7 @@ static const MP4_Box_data_sbgp_entry_t *
         return p_sampleentry;
 
     /* Lookup designated group description */
+    *pp_descentry = NULL;
     const MP4_Box_t *p_sgpd = MP4_GroupDescriptionByType( p_node, i_grouping_type );
     if( p_sgpd )
     {
@@ -457,6 +458,10 @@ static const MP4_Box_data_sbgp_entry_t *
         }
     }
 
+    /* If caller requested a description but we couldn't find one, report no match */
+    if( *pp_descentry == NULL )
+        return NULL;
+
     return p_sampleentry;
 }
 



View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/f817aa14e54342450696989b3eae8f6c8c736535

-- 
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/f817aa14e54342450696989b3eae8f6c8c736535
You're receiving this email because of your account on code.videolan.org.