[Ffmpeg-devel] ffplay broken in latest svn

Nikns Siankin nikns
Tue Jan 9 13:36:16 CET 2007


On Tue, Jan 09, 2007 at 01:48:30PM +0200, Nikns Siankin wrote:
>On Tue, Jan 09, 2007 at 10:50:22AM -0000, Wolfram Gloger wrote:
>>Hi,
>>
>>> --- libavformat/utils.c.orig	Tue Jan  2 22:35:46 2007
>>> +++ libavformat/utils.c	Tue Jan  9 11:54:36 2007
>>> @@ -1784,7 +1784,7 @@ int av_find_stream_info(AVFormatContext 
>>>      AVPacketList *pktl=NULL, **ppktl;
>>>      int64_t last_dts[MAX_STREAMS];
>>>      int duration_count[MAX_STREAMS]={0};
>>> -    double duration_error[MAX_STREAMS][MAX_STD_TIMEBASES]={{0}}; //FIXME malloc()?
>>> +    double (*duration_error)[MAX_STD_TIMEBASES] = av_mallocz(MAX_STREAMS * MAX_STD_TIMEBASES * sizeof(duration_error));
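Review bot: In the added line, sizeof(duration_error) is the size of the pointer, not of a row of MAX_STD_TIMEBASES doubles, so the buffer is MAX_STREAMS * MAX_STD_TIMEBASES * sizeof(pointer) bytes. Where pointers are 4 bytes and doubles are 8, that is half of what duration_error[i][j] indexing needs, and writes to the upper rows run past the end of the allocation. Size the buffer from the pointee instead, MAX_STREAMS * sizeof(*duration_error), and check the av_mallocz() result before the first use.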
>>
>>Ahem, this, without any further pointer initialization, cannot
>>possibly be correct, the first duration_error[i][j] dereference will
>>crash, also I think the sizeof(duration_error) (==
>>MAX_STD_TIME_BASES*sizeof(double*) in this case) is probably
>>unintentionally large..
>
>sizeof(duration_error) != MAX_STD_TIME_BASES*sizeof(double*)
>sizeof(duration_error) == sizeof(double*)

And that's why it will be unintentionally small... for 32-bit platforms,
because we need to allocate space for doubles not pointers to doubles.
Correct patch:


--- libavformat/utils.c.orig	Tue Jan  2 22:35:46 2007
+++ libavformat/utils.c	Tue Jan  9 14:28:47 2007
@@ -1784,7 +1784,7 @@ int av_find_stream_info(AVFormatContext 
     AVPacketList *pktl=NULL, **ppktl;
     int64_t last_dts[MAX_STREAMS];
     int duration_count[MAX_STREAMS]={0};
-    double duration_error[MAX_STREAMS][MAX_STD_TIMEBASES]={{0}}; //FIXME malloc()?
+    double (*duration_error)[MAX_STD_TIMEBASES] = av_mallocz(MAX_STREAMS * sizeof(*duration_error));
 
     for(i=0;i<ic->nb_streams;i++) {
         st = ic->streams[i];
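Review bot: The av_mallocz() result on the added line is used without a NULL check, so an allocation failure becomes a NULL dereference at the first duration_error[i][j] access, whereas the stack array it replaces could not fail. Test the pointer right after the declarations and return an out-of-memory error before the stream loop starts.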
@@ -1896,7 +1896,7 @@ int av_find_stream_info(AVFormatContext 
 //                if(st->codec->codec_type == CODEC_TYPE_VIDEO)
 //                    av_log(NULL, AV_LOG_ERROR, "%f\n", dur);
                 if(duration_count[index] < 2)
-                    memset(duration_error, 0, sizeof(duration_error));
+                    memset(duration_error, 0, MAX_STREAMS * sizeof(*duration_error));
                 for(i=1; i<MAX_STD_TIMEBASES; i++){
                     int framerate= get_std_framerate(i);
                     int ticks= lrintf(dur*framerate/(1001*12));
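Review bot: The memset length on the added line repeats the allocation size by hand, so the two expressions can drift apart and a later change to one would make this memset write past the buffer or clear only part of it. Compute MAX_STREAMS * sizeof(*duration_error) once into a local and use it for both the av_mallocz() call and this memset. Separately, this clears the rows of every stream whenever duration_count[index] < 2 for a single stream; if only that stream's row is meant, memset(duration_error[index], 0, sizeof(*duration_error)) would say so, though that would be a behaviour change from the line being replaced.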
@@ -2016,6 +2016,9 @@ int av_find_stream_info(AVFormatContext 
         }
     }
 #endif
+
+    av_freep(&duration_error);
+
     return ret;
 }
 
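Review bot: The av_freep(&duration_error) added before the final return ret; releases the buffer only on the path that reaches this point, so any earlier return in av_find_stream_info(), not visible in these hunks, would leak MAX_STREAMS * sizeof(*duration_error) bytes per call. Confirm that every exit goes through this line, or route early exits through a common cleanup label placed just above it.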




