#313 Dereferencing a NULL pointer in drm_sample.c

[Oleg Ivanov]

MP4Box crashes with Segmentation fault when decrypting DRM file while get auxiliary information by saiz/saio rather than by parsing senc box.

Dereferencing a NULL pointer in drm_sample.c (1040,1052): GF_TrackFragmentBox *traf.

This change helped for me:

Index: isomedia/drm_sample.c
===================================================================
--- isomedia/drm_sample.c       (revision 5277)
+++ isomedia/drm_sample.c       (working copy)
@@ -1037,7 +1037,7 @@
                }
        }
        //assume CENC if we find a senc box - hack for some ultraviolet files :(
-       if (!has_saiz && (traf->sample_encryption || traf->piff_sample_encryption) )
+       if (!has_saiz && traf && (traf->sample_encryption || traf->piff_sample_encryption) )
                has_saiz = GF_TRUE;

        for (i = 0; i < gf_list_count(sai_offsets); i++) {
@@ -1049,7 +1049,7 @@
        }

        //assume CENC if we find a senc box - hack for some ultraviolet files :(
-       if (!has_saio && (traf->sample_encryption || traf->piff_sample_encryption) )
+       if (!has_saio && traf && (traf->sample_encryption || traf->piff_sample_encryption) )
                has_saio = GF_TRUE;

        return (has_saiz && has_saio);

[Cyril Concolato]

Closing bug as the patch is applied.