Yu Yang:
> Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL.
> This situation is compatible in avformat_find_stream_info().
> Before av_dict_free(), the necessary checks were ignored.
>
> // in fftools/ffmpeg_opt.c:1266
> 1067 static int open_input_file(OptionsContext *o, const char *filename)
> 1068 {
> ...
> 1191 AVDictionary **opts = setup_find_stream_info_opts(ic,
> o->g->codec_opts);
> ...
> 1196 ret = avformat_find_stream_info(ic, opts);
> 1197
> 1198 for (i = 0; i < orig_nb_streams; i++)
> 1199 av_dict_free(&opts[i]);
> ...
> 1342 }
> ```
> ```c
> // in libavutil/dict.c:203
> 203 void av_dict_free(AVDictionary **pm)
> 204 {
> 205 AVDictionary *m = *pm;
> ...
> 215 }
>
> coredump backtrace info:
> ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
> 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0)
> ==6235==The signal is caused by a READ memory access.
> ==6235==Hint: address points to the zero page.
> #0 0x6ba9c2f in av_dict_free
> /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23
> #1 0x4ce5ac in open_input_file
> /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13
> #2 0x4c9dc0 in open_files
> /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15
> #3 0x4c9295 in ffmpeg_parse_options
> /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11
> #4 0x58f241 in main
> /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11
> #5 0x7fe35197f0b2 in __libc_start_main
> /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
> #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d)
>
> Reported-by: TOTE Robot <os...@tsinghua.edu.cn>
> Signed-off-by: Yu Yang <young_chel...@163.com>
> ---
> fftools/ffmpeg_opt.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c
> index a27263b879..a9fc54d948 100644
> --- a/fftools/ffmpeg_opt.c
> +++ b/fftools/ffmpeg_opt.c
> @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const
> char *filename)
> /* If not enough info to get the stream parameters, we decode the
> first frames to get it. (used in mpeg case for example) */
> ret = avformat_find_stream_info(ic, opts);
> -
> - for (i = 0; i < orig_nb_streams; i++)
> - av_dict_free(&opts[i]);
> - av_freep(&opts);
> + if (opts){
> + for (i = 0; i < orig_nb_streams; i++)
> + av_dict_free(&opts[i]);
> + av_freep(&opts);
> + }
>
> if (ret < 0) {
> av_log(NULL, AV_LOG_FATAL, "%s: could not find codec
> parameters\n", filename);
>
You should instead check setup_find_stream_info_opts() (either only call
it if orig_nb_streams is > 0 or modify it to return an error code given
that it can currently return NULL even on nonerror).
- Andreas
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
