[FFmpeg-devel] [PATCH] fix segfault in mxf demuxer
Baptiste Coudurier
baptiste.coudurier at gmail.com
Tue Mar 22 20:25:38 CET 2011
On 3/22/11 3:30 AM, Nigel Touati-Evans wrote:
> On 21 March 2011 20:09, Baptiste Coudurier <baptiste.coudurier at gmail.com> wrote:
>> Hi,
>>
>> On 03/21/2011 05:40 AM, Tomas Härdin wrote:
>>> Nigel Touati-Evans wrote 2011-03-21 12:06:
>>>> Index: ffmpeg-dmo-0.5+svn20090508/libavformat/mxfdec.c
>>>> ===================================================================
>>>> --- ffmpeg-dmo-0.5+svn20090508.orig/libavformat/mxfdec.c 2011-03-21
>>>> 10:12:47.000000000 +0000
>>>> +++ ffmpeg-dmo-0.5+svn20090508/libavformat/mxfdec.c 2011-03-21
>>>> 10:17:13.000000000 +0000
>>>> @@ -723,13 +723,16 @@
>>>> break;
>>>> }
>>>> }
>>>> - if (!source_track) {
>>>> - av_log(mxf->fc, AV_LOG_ERROR, "material track %d: no
>>>> corresponding source track found\n", material_track->track_id);
>>>> + if (source_track) {
>>>> + if (j+1 <
>>>> material_track->sequence->structural_components_count)
>>>> + av_log(mxf->fc, AV_LOG_WARNING, "material track
>>>> %d: found a source track so ignoring %d potential others\n",
>>>> material_track->track_id,
>>>> material_track->sequence->structural_components_count-j-1);
>>>
>>> Break this long line up a bit.
>>>
>>>> break;
>>>> }
>>>> }
>>>> - if (!source_track)
>>>> + if (!source_track) {
>>>> + av_log(mxf->fc, AV_LOG_ERROR, "material track %d: no
>>>> corresponding source track found\n", material_track->track_id);
>>>> continue;
>>>> + }
>>>>
>>>> st = av_new_stream(mxf->fc, source_track->track_id);
>>>> if (!st) {
>>>>
>>>>
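Review bot: In the new `if (source_track) {` block, the inner `if (j+1 < material_track->sequence->structural_components_count)` has no braces and is followed directly by `break;`, so the fix depends on `break` being unconditional while the layout makes it easy to read as part of the warning branch. Put braces around the `av_log` call (which also lets the long line be wrapped) and add a one-line comment saying why the loop stops at the first match. The `%d` for `structural_components_count-j-1` assumes an `int`-compatible type, which the hunk does not show; confirm it or cast. The file header shows the diff was made against ffmpeg-dmo-0.5+svn20090508, so it should be regenerated against the current tree before it is applied.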
>>>
>>> Looks OK otherwise to me. Baptiste?
>>
>> Can we get a sample so I can reproduce the problem ?
>> I'd like to know where it exactly segv.
>>
>> --
>> Baptiste COUDURIER
>> Key fingerprint 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
>> FFmpeg maintainer http://www.ffmpeg.org
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel at ffmpeg.org
>> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>
>
> I'm not sure I have permission to upload the file - I'll try to find
> out. However, it's quite simple to see how the segv happens:
>
> For this track sequence->structural_components_count is 2, the first
> time round (j=0) the loop component is set and a source track found.
> When j=1, mxf_resolve_strong_ref returns null (the component is either
> not found or not of the correct type), so the loop exits. This
> leaves source_track set and component null, so there is a seg fault
> trying to dereference component to find the duration.
>
> In general it doesn't look like the loop ensures the source_track
> corresponds to the component, as component is updated every iteration
> and source_track is not necessarily (e.g. if it is not found), so it
> seemed to me that the best bet was to exit the loop once a suitable
> component had been found.
>
> This doesn't fix the 'TODO: handle multiple source clips' but at least
> makes everything consistent when structural_components_count > 1, and
> prints a warning if we might be missing something.
Thanks, patch ok.
--
Baptiste COUDURIER
Key fingerprint 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
FFmpeg maintainer http://www.ffmpeg.org
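
A minimal C model of the failure described in the quoted explanation and of the patched loop, added here as an illustration; it is not FFmpeg code, and the struct names, `pick`, `find_track` and `pair_is_safe` are hypothetical. The input is constructed to match the described case: two structural components, the second failing to resolve.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified stand-ins for the demuxer's structures (hypothetical names). */
typedef struct { int source_track_id; long duration; } Component;
typedef struct { int track_id; } Track;
typedef struct { const Component *component; const Track *source_track; } Pair;

/* Constructed input: two structural components, the second unresolvable (NULL). */
static const Component clip = { 2, 250 };
static const Component *const refs[2] = { &clip, NULL };
static const Track tracks[1] = { { 2 } };

static const Track *find_track(const Track *t, int n, int id)
{
    for (int k = 0; k < n; k++)
        if (t[k].track_id == id)
            return &t[k];
    return NULL;
}

/* stop_at_first = 0 models the loop before the patch, 1 the loop after it. */
static Pair pick(const Component *const *r, int count,
                 const Track *t, int n, int stop_at_first)
{
    Pair p = { NULL, NULL };
    for (int j = 0; j < count; j++) {
        p.component = r[j];            /* overwritten on every iteration */
        if (!p.component)
            continue;                  /* source_track keeps its old value */
        const Track *found = find_track(t, n, p.component->source_track_id);
        if (found) p.source_track = found;
        if (p.source_track && stop_at_first)
            break;                     /* both pointers come from iteration j */
    }
    return p;
}

/* The caller may read component->duration only when the pair is consistent. */
static int pair_is_safe(Pair p)
{
    return p.source_track && p.component &&
           p.component->source_track_id == p.source_track->track_id;
}

int main(void) {
    printf("before: safe=%d  after: safe=%d\n",
           pair_is_safe(pick(refs, 2, tracks, 1, 0)), pair_is_safe(pick(refs, 2, tracks, 1, 1)));
    return 0;
}
```

Checking the pair after the loop, rather than `source_track` alone, is what keeps a later `component->duration` read from touching a NULL pointer.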