[FFmpeg-devel] [PATCH] fix AVI decode crash introduced in r24579#

Michael Niedermayer michaelni
Thu Sep 2 13:32:55 CEST 2010


On Fri, Aug 27, 2010 at 01:04:12PM -0400, Andrew Wason wrote:
> ffmpeg r24579 introduced a bug that causes a crash with some AVI
> samples (I have 3 samples that cause it, all are AVI with DV and PCM
> audio).
> 
> r24579 added a call to get_subtitle_pkt() in get_stream_idx(), but for
> these samples the audio streams st->priv_data is NULL and
> get_subtitle_pkt() crashes when it attempts to use it.
> 
> Sample uploaded to /MPlayer/incoming/avidec-crash/dv-pcm-crash.avi
> 
> Attached patch adds a check to guard against NULL st->priv_data in
> get_subtitle_pkt() and in avi_read_close().
> 
> 
> Crash backtrace:
> 
> FFplay version SVN-r24953, Copyright (c) 2003-2010 the FFmpeg developers
>   built on Aug 27 2010 12:29:46 with gcc 4.2.1 (Apple Inc. build 5664)
>   configuration: --enable-debug=gdb3 --disable-optimizations
>   libavutil     50.24. 0 / 50.24. 0
>   libavcore      0. 6. 0 /  0. 6. 0
>   libavcodec    52.87. 0 / 52.87. 0
>   libavformat   52.78. 3 / 52.78. 3
>   libavdevice   52. 2. 1 / 52. 2. 1
>   libavfilter    1.38. 1 /  1.38. 1
>   libswscale     0.11. 0 /  0.11. 0
> [avi @ 0x10280c200] Estimating duration from bitrate, this may be inaccurate
> Input #0, avi, from '/Volumes/Passport/bugs/ffmpeg-avi-pcm/dv-pcm-crash.avi':
>   Duration: 00:01:12.87, start: 0.000000, bitrate: 30307 kb/s
>     Stream #0.0: Video: dvvideo, yuv411p, 720x480, 28771 kb/s, PAR
> 10:11 DAR 15:11, 29.97 tbr, 29.97 tbn, 29.97 tbc
>     Stream #0.1: Audio: pcm_s16le, 48000 Hz, 2 channels, s16, 1536 kb/s
> [ffplay_output @ 0x101b2b000] auto-inserting filter 'auto-inserted
> scaler 0' between the filter 'src' and the filter 'out'
> [scale @ 0x101b2b290] w:720 h:480 fmt:yuv411p -> w:720 h:480
> fmt:yuv420p flags:0x4
> 
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000450
> [Switching to process 21503]
> 0x0000000100028074 in get_subtitle_pkt (s=0x114809000,
> next_st=0x102608c10, pkt=0x114790c30) at libavformat/avidec.c:762
> 762	        if (st->discard < AVDISCARD_ALL && ast->sub_pkt.data) {
> (gdb) bt
> #0  0x0000000100028074 in get_subtitle_pkt (s=0x114809000,
> next_st=0x102608c10, pkt=0x114790c30) at libavformat/avidec.c:762
> #1  0x0000000100028619 in avi_read_packet (s=0x114809000,
> pkt=0x114790c30) at libavformat/avidec.c:869
> #2  0x00000001000c4e7e in av_read_packet (s=0x114809000,
> pkt=0x114790c30) at libavformat/utils.c:665
> #3  0x00000001000c6822 in av_read_frame_internal (s=0x114809000,
> pkt=0x114790d50) at libavformat/utils.c:1105
> #4  0x00000001000c6f36 in av_read_frame (s=0x114809000,
> pkt=0x114790d50) at libavformat/utils.c:1230
> #5  0x00000001000081f3 in decode_thread (arg=0x114642000) at ffplay.c:2640

patch should be ok if tested

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The real ebay dictionary, page 2
"100% positive feedback" - "All either got their money back or didnt complain"
"Best seller ever, very honest" - "Seller refunded buyer after failed scam"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100902/1b8f8e19/attachment.pgp>



More information about the ffmpeg-devel mailing list