[FFmpeg-devel] [PATCH 5/5] avformat/mpeg: Don't use unintialized value
Andreas Rheinhardt
andreas.rheinhardt at gmail.com
Sun Mar 29 13:23:00 EEST 2020
Andreas Rheinhardt:
> Michael Niedermayer:
>> On Sun, Jan 19, 2020 at 02:43:00PM +0000, Andreas Rheinhardt wrote:
>>> Michael Niedermayer:
>>>> On Tue, Oct 22, 2019 at 03:16:45PM +0200, Andreas Rheinhardt wrote:
>>>>> vobsub_read_packet() didn't check whether an index in array of AVPackets
>>>>> was valid and therefore used uninitialized values.
>>>>>
>>>>> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
>>>>> ---
>>>>> Actually I only wanted to use Valgrind to check for memleaks...
>>>>>
>>>>> libavformat/mpeg.c | 4 ++++
>>>>> 1 file changed, 4 insertions(+)
>>>>>
>>>>> diff --git a/libavformat/mpeg.c b/libavformat/mpeg.c
>>>>> index 73ade71d95..474afd06b9 100644
>>>>> --- a/libavformat/mpeg.c
>>>>> +++ b/libavformat/mpeg.c
>>>>> @@ -930,6 +930,10 @@ static int vobsub_read_packet(AVFormatContext *s, AVPacket *pkt)
>>>>> FFDemuxSubtitlesQueue *tmpq = &vobsub->q[i];
>>>>> int64_t ts;
>>>>> av_assert0(tmpq->nb_subs);
>>>>> +
>>>>> + if (tmpq->current_sub_idx >= tmpq->nb_subs)
>>>>> + continue;
>>>>
>>>> How can this issue be reproduced ?
>>>>
>>>> thx
>>>>
>>>> [...]
>>>
>>> Read a VobSub subtitle till the end:
>>> ffmpeg -i <idx input file> -c copy -f null -
>>
>> does not reproduce
>>
>> ./ffmpeg -i fate/sub/vobsub.idx -c copy -f null -
>> Output file #0 does not contain any stream
>> code does not execute
>
> Sorry, I forgot that subtitle streams are not enabled by default.
>>
>> ./ffmpeg -i fate/sub/vobsub.idx -c copy -map s -f null -
>> the if does not execute
>>
>> iam obviously doing something wrong, can you provide a unambigous testcase?
>>
> You are not doing anything wrong; it's just that the sample is
> truncated: The idx file claims to contain 47 packets, yet the sub file
> contains only 46. As a result, trying to read the 47. packet (the last
> packet that exists in the FFDemuxSubtitlesQueue) fails and no attempt to
> read another packet (which would trigger what I told you) is attempted.
>
> You can reproduce this by deleting the last line in vobsub.idx.
>
> - Andreas
>
Ping.
- Andreas
More information about the ffmpeg-devel
mailing list