[FFmpeg-devel] [PATCH] fix segfault in mxf demuxer
Nigel Touati-Evans
nigel.touatievans at gmail.com
Thu Mar 24 10:32:38 CET 2011
On 22 March 2011 19:25, Baptiste Coudurier <baptiste.coudurier at gmail.com> wrote:
> On 3/22/11 3:30 AM, Nigel Touati-Evans wrote:
>> On 21 March 2011 20:09, Baptiste Coudurier <baptiste.coudurier at gmail.com> wrote:
>>> Hi,
>>>
>>> On 03/21/2011 05:40 AM, Tomas Härdin wrote:
>>>> Nigel Touati-Evans wrote 2011-03-21 12:06:
>>>>> Index: ffmpeg-dmo-0.5+svn20090508/libavformat/mxfdec.c
>>>>> ===================================================================
>>>>> --- ffmpeg-dmo-0.5+svn20090508.orig/libavformat/mxfdec.c 2011-03-21
>>>>> 10:12:47.000000000 +0000
>>>>> +++ ffmpeg-dmo-0.5+svn20090508/libavformat/mxfdec.c 2011-03-21
>>>>> 10:17:13.000000000 +0000
>>>>> @@ -723,13 +723,16 @@
>>>>> break;
>>>>> }
>>>>> }
>>>>> - if (!source_track) {
>>>>> - av_log(mxf->fc, AV_LOG_ERROR, "material track %d: no
>>>>> corresponding source track found\n", material_track->track_id);
>>>>> + if (source_track) {
>>>>> + if (j+1 <
>>>>> material_track->sequence->structural_components_count)
>>>>> + av_log(mxf->fc, AV_LOG_WARNING, "material track
>>>>> %d: found a source track so ignoring %d potential others\n",
>>>>> material_track->track_id,
>>>>> material_track->sequence->structural_components_count-j-1);
>>>>
>>>> Break this long line up a bit.
>>>>
>>>>> break;
>>>>> }
>>>>> }
>>>>> - if (!source_track)
>>>>> + if (!source_track) {
>>>>> + av_log(mxf->fc, AV_LOG_ERROR, "material track %d: no
>>>>> corresponding source track found\n", material_track->track_id);
>>>>> continue;
>>>>> + }
>>>>>
>>>>> st = av_new_stream(mxf->fc, source_track->track_id);
>>>>> if (!st) {
>>>>>
>>>>>
>>>>
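Review bot: in the new `if (source_track)` branch the loop stops at the first component that yields a source track, but a component that yields none is now passed over without any message, because the old in-loop `if (!source_track) { ... break; }` is gone and the error is only logged after the loop once every component has failed. If that is the intended behaviour, put a short comment above the `break` saying only the first matching component is used, and consider a debug-level log for each skipped component so files like the one behind this report can be diagnosed. The inner `if (j+1 < ...)` guards a multi-line `av_log` call without braces; add them when the long line is split.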
>>>> Looks OK otherwise to me. Baptiste?
>>>
>>> Can we get a sample so I can reproduce the problem ?
>>> I'd like to know where it exactly segv.
>>>
>>> --
>>> Baptiste COUDURIER
>>> Key fingerprint 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
>>> FFmpeg maintainer http://www.ffmpeg.org
>>> _______________________________________________
>>> ffmpeg-devel mailing list
>>> ffmpeg-devel at ffmpeg.org
>>> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>>
>>
>> I'm not sure I have permission to upload the file - I'll try to find
>> out. However, it's quite simple to see how the segv happens:
>>
>> For this track sequence->structural_components_count is 2, the first
>> time round (j=0) the loop component is set and a source track found.
>> When j=1, mxf_resolve_strong_ref returns null (the component is either
>> not found or not of the correct type), so the loop exits. This
>> leaves source_track set and component null, so there is a seg fault
>> trying to dereference component to find the duration.
>>
>> In general it doesn't look like the loop ensures the source_track
>> corresponds to the component, as component is updated every iteration
>> and source_track is not necessarily (e.g. if it is not found), so it
>> seemed to me that the best bet was to exit the loop once a suitable
>> component had been found.
>>
>> This doesn't fix the 'TODO: handle multiple source clips' but at least
>> makes everything consistent when structural_components_count > 1, and
>> prints a warning if we might be missing something.
>
> Thanks, patch ok.
>
> --
> Baptiste COUDURIER
> Key fingerprint 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
> FFmpeg maintainer http://www.ffmpeg.org
>
Thanks - do you want me to attach a new patch with that long line split up?
Nigel
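
The state described in the quoted explanation above (source_track kept from j=0 while component is overwritten with NULL at j=1), reduced to a small C model. This is an added example, not code from the patch or from FFmpeg; the struct layouts, `resolve_pair`, `pair_is_consistent` and the sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified stand-ins, not FFmpeg's real definitions (assumed for this example). */
typedef struct { int source_track_id; long duration; } Component;
typedef struct { int track_id; } Track;
typedef struct { const Track *source_track; const Component *component; } Pair;

static const Track *find_track(const Track *t, int n, int id) {
    for (int k = 0; k < n; k++)
        if (t[k].track_id == id)
            return &t[k];
    return NULL;
}

/* refs[j] == NULL models mxf_resolve_strong_ref() returning NULL.
 * stop_at_first_match = 1 selects the patched loop, 0 the original one. */
static Pair resolve_pair(const Component *const *refs, int count,
                         const Track *tracks, int n, int stop_at_first_match) {
    Pair p = { NULL, NULL };
    for (int j = 0; j < count; j++) {
        p.component = refs[j];          /* overwritten on every iteration */
        if (!p.component)
            continue;                   /* source_track from an earlier j survives */
        const Track *found = find_track(tracks, n, p.component->source_track_id);
        if (found)
            p.source_track = found;
        if (stop_at_first_match ? found != NULL : p.source_track == NULL)
            break;                      /* patched: stop on match; original: on miss */
    }
    return p;
}

/* Constructed input matching the thread: two refs, the second does not resolve. */
static const Component clip0 = { 2, 250 };
static const Component *const sample_refs[2] = { &clip0, NULL };
static const Track sample_tracks[1] = { { 2 } };

/* 1 only when both pointers are set and the component refers to that track. */
int pair_is_consistent(Pair p) {
    return p.source_track && p.component &&
           p.component->source_track_id == p.source_track->track_id;
}
Pair original_result(void) { return resolve_pair(sample_refs, 2, sample_tracks, 1, 0); }
Pair patched_result(void)  { return resolve_pair(sample_refs, 2, sample_tracks, 1, 1); }

int main(void) {
    printf("original consistent: %d\n", pair_is_consistent(original_result()));
    printf("patched consistent:  %d\n", pair_is_consistent(patched_result()));
    return 0;
}
```

With the original loop shape the caller is left holding a non-NULL source_track and a NULL component, which is the pair that a later `component->duration` read would fault on.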