From ddaf33f5bba59f013a4191a4b22ba83c420cce38 Mon Sep 17 00:00:00 2001
From: Stefano Sabatini <stefasab@gmail.com>
Date: Mon, 21 Oct 2013 13:33:06 +0200
Subject: ffprobe: fix consistency checks in parse_read_intervals()

Move array size assert after the count increment, and avoid strchr() NULL
dereference on p.

Should fix FFmpeg coverity issue #1108581.
---
 ffprobe.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'ffprobe.c')

diff --git a/ffprobe.c b/ffprobe.c
index b7f287c7fb..80a286b20a 100644
--- a/ffprobe.c
+++ b/ffprobe.c
@@ -2460,8 +2460,11 @@ static int parse_read_intervals(const char *intervals_spec)
 
     /* parse intervals */
     p = spec;
-    for (i = 0; i < n; i++) {
-        char *next = strchr(p, ',');
+    for (i = 0; p; i++) {
+        char *next;
+
+        av_assert0(i < read_intervals_nb);
+        next = strchr(p, ',');
         if (next)
             *next++ = 0;
 
@@ -2475,7 +2478,6 @@ static int parse_read_intervals(const char *intervals_spec)
         av_log(NULL, AV_LOG_VERBOSE, "Parsed log interval ");
         log_read_interval(&read_intervals[i], NULL, AV_LOG_VERBOSE);
         p = next;
-        av_assert0(i <= read_intervals_nb);
     }
     av_assert0(i == read_intervals_nb);
 
-- 
cgit v1.2.3