[FFmpeg-trac] #1274(undetermined:new): Segmentation fault in "rtpdec_h264.c"
FFmpeg
trac at avcodec.org
Fri May 4 17:57:26 CEST 2012
#1274: Segmentation fault in "rtpdec_h264.c"
-------------------------------------+-------------------------------------
             Reporter:  Belevern     |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:  undetermined |                  Version:  git-master
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
I'm using IP-Camera Beward B2.920F and when I'm using ffmpeg's RTSP there
is a segmentation fault on this:

    memcpy(pkt->data+sizeof(start_sequence)+sizeof(nal), buf, len);

Same in Windows and Linux.
It happens because this model of camera sometimes sends a packet with a length
of useful data of 0-2 bytes (in h264_handle_packet len = 0 or 1 or 2). I
fixed this by adding this:

    // return 0 on packet, no more left, 1 on packet, 1 on partial packet...
    static int h264_handle_packet(AVFormatContext *ctx,
                                  PayloadContext *data,
                                  AVStream *st,
                                  AVPacket * pkt,
                                  uint32_t * timestamp,
                                  const uint8_t * buf,
                                  int len, int flags)
    {
        if(!len){
            av_log(ctx, AV_LOG_ERROR,"Beward fix (buffer is too short in packet)\n");
            return 0;
        }

And this:

    case 28:                   // FU-A (fragmented nal)
        buf++;
        len--;                 // skip the fu_indicator
        if(len>1){
            // these are the same as above, we just redo them here for clarity...
            uint8_t fu_indicator = nal;
            uint8_t fu_header = *buf;   // read the fu_header.
            uint8_t start_bit = fu_header >> 7;
            // uint8_t end_bit = (fu_header & 0x40) >> 6;
            uint8_t nal_type = (fu_header & 0x1f);
            uint8_t reconstructed_nal;

            // reconstruct this packet's true nal; only the data follows..
            reconstructed_nal = fu_indicator & (0xe0);  // the original nal forbidden bit and NRI are stored in this packet's nal;
            reconstructed_nal |= nal_type;

            // skip the fu_header...
            buf++;
            len--;

    #ifdef DEBUG
            if (start_bit)
                data->packet_types_received[nal_type]++;
    #endif
            if(start_bit) {
                // copy in the start sequence, and the reconstructed nal....
                //av_log(ctx, AV_LOG_ERROR,"%08X %08X %08X %08X\n",pkt,pkt->data,buf,len);
                av_new_packet(pkt, sizeof(start_sequence)+sizeof(nal)+len);
                memcpy(pkt->data, start_sequence, sizeof(start_sequence));
                pkt->data[sizeof(start_sequence)]= reconstructed_nal;
                memcpy(pkt->data+sizeof(start_sequence)+sizeof(nal), buf, len);
            } else {
                av_new_packet(pkt, len);
                memcpy(pkt->data, buf, len);
            }
        }else{
            av_log(ctx, AV_LOG_ERROR,"Beward fix (buffer is too short in packet)\n");
        }
        break;

Please fix it, because I can't upload it to git and compile under Windows.
(I'm using automated builds by Zeranoe.)
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1274>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
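
Added example, not FFmpeg's code and not the reporter's patch: a stand-alone FU-A unpacker that validates the payload length before touching the buffer. Without a guard, the two len-- steps in the FU-A branch quoted above turn a 0- or 1-byte payload into a negative length for memcpy. The function name fua_unpack, its return convention and the sample bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Annex B start code written in front of a reassembled NAL unit. */
static const uint8_t start_sequence[] = { 0, 0, 0, 1 };

/* fua_unpack() is a hypothetical helper for this example, not an FFmpeg API.
 * It unpacks one RTP payload holding an H.264 FU-A fragment (NAL type 28).
 * Returns a malloc'ed buffer of *out_len bytes, or NULL with *out_len set to
 * -1 (payload too short or not FU-A) or -2 (allocation failed). */
uint8_t *fua_unpack(const uint8_t *buf, int len, int *out_len)
{
    uint8_t fu_indicator, fu_header, *out;
    int hdr;

    *out_len = -1;
    /* Require fu_indicator + fu_header + at least one data byte before any
     * read or subtraction, so len can never go negative on its way to memcpy. */
    if (!buf || len < 3)
        return NULL;
    fu_indicator = buf[0];
    fu_header    = buf[1];
    if ((fu_indicator & 0x1f) != 28)
        return NULL;
    buf += 2;
    len -= 2;                       /* len >= 1 from here on */

    /* Only the first fragment (start bit set) gets start code + NAL header. */
    hdr = (fu_header >> 7) ? (int)sizeof(start_sequence) + 1 : 0;
    out = malloc((size_t)hdr + (size_t)len);
    if (!out) { *out_len = -2; return NULL; }
    if (hdr) {
        memcpy(out, start_sequence, sizeof(start_sequence));
        out[sizeof(start_sequence)] = (fu_indicator & 0xe0) | (fu_header & 0x1f);
    }
    memcpy(out + hdr, buf, (size_t)len);
    *out_len = hdr + len;
    return out;
}

int main(void)
{
    const uint8_t runt[] = { 0x7c, 0x85 };   /* constructed 2-byte payload */
    int n;
    uint8_t *p = fua_unpack(runt, 2, &n);
    printf("%s (%d)\n", p ? "unpacked" : "rejected", n);
    return 0;
}
```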