[FFmpeg-devel] fftools/ffmpeg_optc AVDictionary **opts, If memory allocation fails,
Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL. This situation is compatible in avformat_find_stream_info(). Before av_dict_free(), the necessary checks were ignored. // in fftools/ffmpeg_opt.c:1266 1067 static int open_input_file(OptionsContext *o, const char *filename) 1068 { ... 1191 AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts); ... 1196 ret = avformat_find_stream_info(ic, opts); 1197 1198 for (i = 0; i < orig_nb_streams; i++) 1199 av_dict_free(&opts[i]); ... 1342 } ``` ```c // in libavutil/dict.c:203 203 void av_dict_free(AVDictionary **pm) 204 { 205 AVDictionary *m = *pm; ... 215 } coredump backtrace info: ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x06ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0) ==6235==The signal is caused by a READ memory access. ==6235==Hint: address points to the zero page. #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23 #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13 #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15 #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11 #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11 #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) Reported-by: TOTE Robot Signed-off-by: Yu Yang --- fftools/ffmpeg_opt.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c index a27263b879..a9fc54d948 100644 --- a/fftools/ffmpeg_opt.c +++ b/fftools/ffmpeg_opt.c 
@@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename) /* If not enough info to get the stream parameters, we decode the first frames to get it. (used in mpeg case for example) */ ret = avformat_find_stream_info(ic, opts); - -for (i = 0; i < orig_nb_streams; i++) -av_dict_free(&opts[i]); -av_freep(&opts); +if (opts){ +for (i = 0; i < orig_nb_streams; i++) +av_dict_free(&opts[i]); +av_freep(&opts); +} if (ret < 0) { av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename); -- 2.33.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
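Review bot: The new `if (opts){` guard stops the NULL read in the free loop, but a failed allocation inside setup_find_stream_info_opts() is still handled exactly like "no options". avformat_find_stream_info(ic, opts) runs with NULL and the user's per-stream codec options are silently dropped. If the NULL comes from the allocation failure the description mentions, report it before the call, for example `if (!opts && orig_nb_streams > 0) exit_program(1);`. Only the loop needs the guard, since `av_freep(&opts)` on a NULL pointer is a no-op. open_input_file() begins and ends outside this hunk.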
[FFmpeg-devel] [PATCH] libavcodec/avpacketc packet release exception
'pkt' and '*pkt' should be judged separately for release. SEGV by a READ memory access (address points to the zero page) ```c // in fftools/ffmpeg.c:515 515 static void ffmpeg_cleanup(int ret) 516 { ... 626 for (i = 0; i < nb_input_files; i++) { 627 avformat_close_input(&input_files[i]->ctx); // `input_files[0] == NULL` but `&input_files[0]->pkt == 0x68`, see below; 628 av_packet_free(&input_files[i]->pkt); 629 av_freep(&input_files[i]); 630 } ... 674 } ``` ```c // in libavcodec/avpacket.c:75 75 void av_packet_free(AVPacket **pkt) 76 { // pkt == 0x68, `*pkt` cause `SEGV`. 77 if (!pkt || !*pkt) 78 return; 79 80 av_packet_unref(*pkt); 81 av_freep(pkt); 82 } ``` coredump backtrace info: ==4536==ERROR: AddressSanitizer: SEGV on unknown address 0x0068 (pc 0x02a794d0 bp 0x7ffdf587a910 sp 0x7ffdf587a8e0 T0) ==4536==The signal is caused by a READ memory access. ==4536==Hint: address points to the zero page. #0 0x2a794d0 in av_packet_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavcodec/avpacket.c:77:18 #1 0x592107 in ffmpeg_cleanup /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:628:9 #2 0x55fe0e in exit_program /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/cmdutils.c:136:9 #3 0x4cfcd4 in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1268:9 exit_program #4 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15 #5 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11 open_file #6 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11 #7 0x7f122a83d0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 #8 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) Reported-by: TOTE Robot Signed-off-by: Yu Yang --- libavcodec/avpacket.c | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c index d8d8fef3b9..8348bec581 100644 
--- a/libavcodec/avpacket.c +++ b/libavcodec/avpacket.c @@ -74,11 +74,10 @@ AVPacket *av_packet_alloc(void) void av_packet_free(AVPacket **pkt) { -if (!pkt || !*pkt) -return; - -av_packet_unref(*pkt); -av_freep(pkt); +if (*pkt) +av_packet_unref(*pkt); +if (pkt) +av_freep(pkt); } static int packet_alloc(AVBufferRef **buf, int size) -- 2.33.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
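Review bot: The rewritten av_packet_free() reads `*pkt` before it tests `pkt`, so a NULL argument, which the removed `if (!pkt || !*pkt) return;` accepted, now faults on the first line. It also does not fix the crash in the description: there `pkt` is 0x68 because `input_files[i]` is NULL, and no check inside av_packet_free() can validate such an address. The guard belongs at the call site quoted from ffmpeg_cleanup(), for example `if (!input_files[i]) continue;` at the top of that loop. The original body of av_packet_free() should stay as it was.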
[FFmpeg-devel] [PATCH] Exception when frame is set NULL
fftools/ffmpegc When `ost->last_frame` is NULL, 'SEGV' occurs when accessing its pts. libavutil/framec `ost->last_frame` may be set NULL by av_frame_alloc(). In this situation, av_frame_unref() and av_frame_free() do nothing. Frame is not released. ```c // in fftools/ffmpeg.c:1145 1145 static void do_video_out(OutputFile *of, ...) 1148 { ... // `ost->last_frame` is NULL. 1272 av_log(NULL, AV_LOG_VERBOSE, 1273"*** dropping frame %d from stream %d at ts %"PRId64"\n", 1274ost->frame_number, ost->st->index, ost->last_frame->pts); ... 1421 if (!ost->last_frame) // `ost->last_frame` may be set NULL here. 1422 ost->last_frame = av_frame_alloc(); ... 1433 } ``` coredump backtrace info: ==7192==ERROR: AddressSanitizer: SEGV on unknown address 0x0088 (pc 0x005e87e2 bp 0x7fff84f0ffb0 sp 0x7fff84f0f020 T0) ==7192==The signal is caused by a READ memory access. ==7192==Hint: address points to the zero page. #0 0x5e87e2 in do_video_out /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:1274:68 #1 0x5df341 in reap_filters /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:1548:25 #2 0x5d08b7 in transcode_from_filter /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4644:15 #3 0x59e557 in transcode_step /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4729:20 #4 0x593970 in transcode /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4805:15 #5 0x58f7a4 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:5010:9 #6 0x7f0fa9d900b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 #7 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) Reported-by: TOTE Robot Signed-off-by: Yu Yang --- fftools/ffmpeg.c | 7 --- libavutil/frame.c | 9 - 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c index cfb04d5eff..cade05f762 100644 --- a/fftools/ffmpeg.c +++ b/fftools/ffmpeg.c 
@@ -1265,9 +1265,10 @@ static void do_video_out(OutputFile *of, if (nb0_frames == 0 && ost->last_dropped) { nb_frames_drop++; -av_log(NULL, AV_LOG_VERBOSE, - "*** dropping frame %d from stream %d at ts %"PRId64"\n", - ost->frame_number, ost->st->index, ost->last_frame->pts); +if (ost->last_frame) +av_log(NULL, AV_LOG_VERBOSE, + "*** dropping frame %d from stream %d at ts %"PRId64"\n", + ost->frame_number, ost->st->index, ost->last_frame->pts); } if (nb_frames > (nb0_frames && ost->last_dropped) + (nb_frames > nb0_frames)) { if (nb_frames > dts_error_threshold * 30) { diff --git a/libavutil/frame.c b/libavutil/frame.c index d4d3ad6988..9c866320a7 100644 --- a/libavutil/frame.c +++ b/libavutil/frame.c @@ -111,11 +111,10 @@ AVFrame *av_frame_alloc(void) void av_frame_free(AVFrame **frame) { -if (!frame || !*frame) -return; - -av_frame_unref(*frame); -av_freep(frame); +if (*frame) +av_frame_unref(*frame); +if (frame) +av_freep(frame); } static int get_video_buffer(AVFrame *frame, int align) -- 2.33.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
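Review bot: Guarding the whole av_log() call with `if (ost->last_frame)` avoids the NULL read but also removes the only trace of the dropped frame, while `nb_frames_drop++` still counts it. Logging unconditionally with a fallback timestamp keeps the message: `ost->last_frame ? ost->last_frame->pts : AV_NOPTS_VALUE`. The description names the unchecked `av_frame_alloc()` at line 1421 as the source of the NULL; that allocation lies outside this hunk and still has no failure check.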
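Review bot: In the libavutil/frame.c hunk, av_frame_free() now evaluates `*frame` before testing `frame`, so a NULL `frame`, which the removed `if (!frame || !*frame) return;` tolerated, becomes a NULL dereference. The reordering does not release anything the old code missed: when `*frame` is NULL there is nothing to unref, and `av_freep()` on it is a no-op. The original two-line guard should be kept.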
[FFmpeg-devel] [PATCH v2] fftools/cmdutils: Avoid crash when opts is empty
Opts is assigned by setup_find_stream_info_opts(). Could not get opts when nb_streams == 0. It should not return NULL but print AV_LOG_ERROR. when no alloc memory for stream options, it also need return an error to avoid crash when free. In total, setup_find_stream_info_opts() should not return NULL. It print AV_LOG_ERROR or correct value. coredump backtrace info: ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x06ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0) ==6235==The signal is caused by a READ memory access. ==6235==Hint: address points to the zero page. #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23 #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13 #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15 #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11 #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11 #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) Reported-by: TOTE Robot Signed-off-by: Yu Yang --- fftools/cmdutils.c | 6 -- libavformat/demux.c | 12 +--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/fftools/cmdutils.c b/fftools/cmdutils.c index 45322f8c71..f4333d8b65 100644 --- a/fftools/cmdutils.c +++ b/fftools/cmdutils.c 
@@ -2182,12 +2182,14 @@ AVDictionary **setup_find_stream_info_opts(AVFormatContext *s, AVDictionary **opts; if (!s->nb_streams) -return NULL; +av_log(NULL, AV_LOG_ERROR, + "No stream exists, Could not get stream options.\n"); +exit_program(1); opts = av_calloc(s->nb_streams, sizeof(*opts)); if (!opts) { av_log(NULL, AV_LOG_ERROR, "Could not alloc memory for stream options.\n"); -return NULL; +exit_program(1); } for (i = 0; i < s->nb_streams; i++) opts[i] = filter_codec_opts(codec_opts, s->streams[i]->codecpar->codec_id, diff --git a/libavformat/demux.c b/libavformat/demux.c index 745dc8687c..0738ef2e73 100644 --- a/libavformat/demux.c +++ b/libavformat/demux.c @@ -2434,7 +2434,7 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) for (unsigned i = 0; i < ic->nb_streams; i++) { const AVCodec *codec; -AVDictionary *thread_opt = NULL; + AVStream *const st = ic->streams[i]; FFStream *const sti = ffstream(st); AVCodecContext *const avctx = sti->avctx; 
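Review bot: The added `exit_program(1);` is not part of the `if (!s->nb_streams)` body. The `if` has no braces, so only the av_log() call is conditional and the helper exits on every call, including for inputs that do have streams. Both statements need to be wrapped: `if (!s->nb_streams) { av_log(...); exit_program(1); }`. Separately, a zero-stream input was not fatal before this change, because the helper returned NULL and the caller continued; the description does not justify making it an error. The function continues outside the hunk.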
@@ -2474,26 +2474,24 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) /* Force thread count to 1 since the H.264 decoder will not extract * SPS and PPS to extradata during multi-threaded decoding. */ -av_dict_set(options ? &options[i] : &thread_opt, "threads", "1", 0); +av_dict_set(&options[i], "threads", "1", 0); /* Force lowres to 0. The decoder might reduce the video size by the * lowres factor, and we don't want that propagated to the stream's * codecpar */ -av_dict_set(options ? &options[i] : &thread_opt, "lowres", "0", 0); +av_dict_set(&options[i], "lowres", "0", 0); if (ic->codec_whitelist) -av_dict_set(options ? &options[i] : &thread_opt, "codec_whitelist", ic->codec_whitelist, 0); +av_dict_set(&options[i], "codec_whitelist", ic->codec_whitelist, 0); // Try to just open decoders, in case this is enough to get parameters. // Also ensure that subtitle_header is properly set. if (!has_codec_parameters(st, NULL) && sti->request_probe <= 0 || st->codecpar->codec_type == AVMEDIA_TYPE_SUBTITLE) { if (codec && !avctx->codec) -if (avcodec_open2(avctx, codec, options ? &options[i] : &thread_opt) < 0) +if (avcodec_open2(avctx, codec, &options[i]) < 0) av_log(ic, AV_LOG_WARNING, "Failed to open codec in %s\n",__FUNCTION__); } -if (!options) -av_dict_free(&thread_opt); } read_size = 0; -- 2.33.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
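Review bot: Replacing `options ? &options[i] : &thread_opt` with `&options[i]` makes avformat_find_stream_info() use `options` unconditionally, although the removed fallback and the removed `if (!options) av_dict_free(&thread_opt);` show that a NULL `options` is an accepted input. A caller passing NULL would now have av_dict_set() and avcodec_open2() operate on an address computed from a NULL base. This is a library entry point, so tightening one fftools helper cannot guarantee a non-NULL argument. The `thread_opt` fallback should stay and libavformat/demux.c should be dropped from this patch. The loop body starts and ends outside the hunk.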
[FFmpeg-devel] [PATCH] libswresample/swresamplec: Err num(negative-size) was used as a function parameter
If cannot allocate memory, ERROR(ENOMEM) '-12' as a parameter will be constantly being returned. When run resample() firstly, negative size param would cause buffer-overflow and SEGV in swri_rematrix(). When run swri_rematrix() firstly, resample() would not cause error but Err num as a wrong parameter passing. Err num should be returned immediately. And remove assert to ensure the return of the error code. coredump info: #0 0x499517 in posix_memalign (/home/r1/ffmpeg/ffmpeg_4.4.1+0x499517) #1 0x6c1f0b4 in av_malloc /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/mem.c:86:9 #2 0x6c208fe in av_mallocz /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/mem.c:239:17 #3 0x6c207ad in av_mallocz_array /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/mem.c:195:12 #4 0x654b2e5 in swri_realloc_audio /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libswresample/swresample.c:418:14 #5 0x654f9a1 in swr_convert_internal /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libswresample/swresample.c:601:17 #6 0x654d2c0 in swr_convert /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libswresample/swresample.c:766:19 #7 0x186cf56 in flush_frame /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/af_aresample.c:251:13 #8 0x186a454 in request_frame /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/af_aresample.c:288:20 #9 0x787d9c in ff_request_frame_to_filter /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfilter.c:459:15 #10 0x7877f1 in forward_status_change /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfilter.c:1257:19 #11 0x77ed7e in ff_filter_activate_default /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfilter.c:1288:20 #12 0x77e4e1 in ff_filter_activate /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfilter.c:1441:11 #13 0x793b3f in ff_filter_graph_run_once /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfiltergraph.c:1403:12 #14 0x7a7bee in get_frame_internal /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/buffersink.c:131:19 #15 0x7a7287 in av_buffersink_get_frame_flags 
/home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/buffersink.c:142:12 #16 0x792888 in avfilter_graph_request_oldest /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfiltergraph.c:1356:17 #17 0x5d07df in transcode_from_filter /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4639:11 #18 0x59e557 in transcode_step /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4729:20 #19 0x593970 in transcode /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4805:15 #20 0x58f7a4 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:5010:9 #21 0x7f6fd2dee0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 SUMMARY: AddressSanitizer: negative-size-param (/home/r1/ffmpeg/ffmpeg_4.4.1+0x497e67) in __asan_memcpy Reported-by: TOTE Robot Signed-off-by: Yu Yang --- libswresample/swresample.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libswresample/swresample.c b/libswresample/swresample.c index c03fe5528f..92ab6a9148 100644 --- a/libswresample/swresample.c +++ b/libswresample/swresample.c @@ -644,6 +644,8 @@ static int swr_convert_internal(struct SwrContext *s, AudioData *out, int out_co if(s->resample_first){ if(postin != midbuf) out_count= resample(s, midbuf, out_count, postin, in_count); +if (out_count < 0) +return out_count; if(midbuf != preout) swri_rematrix(s, preout, midbuf, out_count, preout==out); }else{ @@ -651,6 +653,8 @@ static int swr_convert_internal(struct SwrContext *s, AudioData *out, int out_co swri_rematrix(s, midbuf, postin, in_count, midbuf==out); if(midbuf != preout) out_count= resample(s, preout, out_count, midbuf, in_count); +if (out_count < 0) +return out_count; } if(preout != out && out_count){ 
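Review bot: Both added `if (out_count < 0) return out_count;` checks follow a brace-less `if(postin != midbuf)` or `if(midbuf != preout)`, so they run even when resample() was not called and read as if they belonged to the preceding `if`. Putting the resample() assignment and its check in one braced body under that condition makes the intent explicit, and matches the file's existing `if(` spacing if that is kept. The early return also skips the remainder of swr_convert_internal(), which is outside the hunk. It is worth confirming that nothing after this point has to run on the error path.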
@@ -769,7 +773,7 @@ int attribute_align_arg swr_convert(struct SwrContext *s, if(ret>0 && !s->drop_output) s->outpts += ret * (int64_t)s->in_sample_rate; -av_assert2(max_output < 0 || ret < 0 || ret <= max_output); +av_assert2(max_output < 0 || ret <= max_output); return ret; }else{ -- 2.33.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
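Review bot: Dropping `ret < 0` from the av_assert2() condition does not change what the assertion accepts. When `max_output >= 0`, a negative `ret` already satisfies `ret <= max_output`, and when `max_output < 0` the first term is true. The edit therefore has no effect on error propagation, contrary to the description's "remove assert to ensure the return of the error code". The explicit `ret < 0` term documented that error returns are expected at this point, so I would leave the line unchanged. The v2 resend of this patch repeats the same edit.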
[FFmpeg-devel] [PATCH v3] fftools/opts: Avoid crash when opts could not be allocated
If 'opts' could not be allocated, exiting the program to avoid crash when release it. Before setup_find_stream_info_opts(), checking 'orig_nb_streams' is > 0. If 'orig_nb_streams' == 0, it doesn't need 'opts' to getting streams info. So directly execute avformat_find_stream_info(). Reported-by: TOTE Robot Signed-off-by: Yu Yang --- fftools/cmdutils.c | 5 ++--- fftools/ffmpeg_opt.c | 20 ++-- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/fftools/cmdutils.c b/fftools/cmdutils.c index 3c8e5a82cd..823cc8a632 100644 --- a/fftools/cmdutils.c +++ b/fftools/cmdutils.c @@ -2181,13 +2181,12 @@ AVDictionary **setup_find_stream_info_opts(AVFormatContext *s, int i; AVDictionary **opts; -if (!s->nb_streams) -return NULL; opts = av_calloc(s->nb_streams, sizeof(*opts)); if (!opts) { av_log(NULL, AV_LOG_ERROR, "Could not alloc memory for stream options.\n"); -return NULL; +avformat_close_input(&s); +exit_program(1); } for (i = 0; i < s->nb_streams; i++) opts[i] = filter_codec_opts(codec_opts, s->streams[i]->codecpar->codec_id, diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c index a703798586..453f3a21dc 100644 --- a/fftools/ffmpeg_opt.c +++ b/fftools/ffmpeg_opt.c 
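Review bot: `avformat_close_input(&s);` operates on the helper's own parameter, so it frees the context and clears only the local `s`. The caller's pointer (`ic` in open_input_file(), per the second hunk) still holds the freed address when `exit_program(1)` runs, and the backtraces in the earlier mails of this series show exit_program() calling ffmpeg_cleanup(). A helper that only builds the option array should not release a context it does not own; drop that line and leave teardown to the caller or the exit path. With `if (!s->nb_streams) return NULL;` removed, a zero-stream call also reaches `av_calloc(0, ...)`, and whether that returns NULL (and so exits) is not visible here. The function continues outside the hunk.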
@@ -1191,17 +1191,17 @@ static int open_input_file(OptionsContext *o, const char *filename) choose_decoder(o, ic, ic->streams[i]); if (find_stream_info) { -AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts); int orig_nb_streams = ic->nb_streams; - -/* If not enough info to get the stream parameters, we decode the - first frames to get it. (used in mpeg case for example) */ -ret = avformat_find_stream_info(ic, opts); - -for (i = 0; i < orig_nb_streams; i++) -av_dict_free(&opts[i]); -av_freep(&opts); - +if (orig_nb_streams > 0) { +AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts); +/* If not enough info to get the stream parameters, we decode the +first frames to get it. (used in mpeg case for example) */ +ret = avformat_find_stream_info(ic, opts); +for (i = 0; i < orig_nb_streams; i++) +av_dict_free(&opts[i]); +av_freep(&opts); +} else +ret = avformat_find_stream_info(ic, NULL); if (ret < 0) { av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename); if (ic->nb_streams == 0) { -- 2.33.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
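Review bot: The new branch duplicates the avformat_find_stream_info() call and pairs a braced `if` with an unbraced `else`. Declaring `AVDictionary **opts = NULL;` and guarding only the setup, `if (orig_nb_streams > 0) opts = setup_find_stream_info_opts(ic, o->g->codec_opts);`, keeps a single call and a single comment. The free loop then runs zero times for a stream-less input and `av_freep(&opts)` on NULL is harmless. open_input_file() continues outside the hunk.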
[FFmpeg-devel] [PATCH v4] fftools/opts: Avoid crash when opts could not be allocated
If 'opts' could not be allocated, exiting the program to avoid crash when release it. Before setup_find_stream_info_opts(), checking 'orig_nb_streams' is > 0. Reported-by: TOTE Robot Signed-off-by: Yu Yang --- fftools/cmdutils.c | 4 +--- fftools/cmdutils.h | 4 ++-- fftools/ffmpeg_opt.c | 5 +++-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/fftools/cmdutils.c b/fftools/cmdutils.c index 3c8e5a82cd..4b977f16e5 100644 --- a/fftools/cmdutils.c +++ b/fftools/cmdutils.c @@ -2181,13 +2181,11 @@ AVDictionary **setup_find_stream_info_opts(AVFormatContext *s, int i; AVDictionary **opts; -if (!s->nb_streams) -return NULL; opts = av_calloc(s->nb_streams, sizeof(*opts)); if (!opts) { av_log(NULL, AV_LOG_ERROR, "Could not alloc memory for stream options.\n"); -return NULL; +exit_program(1); } for (i = 0; i < s->nb_streams; i++) opts[i] = filter_codec_opts(codec_opts, s->streams[i]->codecpar->codec_id, diff --git a/fftools/cmdutils.h b/fftools/cmdutils.h index 82cda208be..50eed9b13a 100644 --- a/fftools/cmdutils.h +++ b/fftools/cmdutils.h @@ -430,8 +430,8 @@ AVDictionary *filter_codec_opts(AVDictionary *opts, enum AVCodecID codec_id, * Each dictionary will contain the options from codec_opts which can * be applied to the corresponding stream codec context. * - * @return pointer to the created array of dictionaries, NULL if it - * cannot be created + * @return pointer to the created array of dictionaries. + * Calls exit() on failure. */ AVDictionary **setup_find_stream_info_opts(AVFormatContext *s, AVDictionary *codec_opts); diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c index a703798586..aac40acb9f 100644 --- a/fftools/ffmpeg_opt.c +++ b/fftools/ffmpeg_opt.c 
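Review bot: Removing `if (!s->nb_streams) return NULL;` from setup_find_stream_info_opts() makes the helper rely on every caller checking the stream count first, and this patch adds that check only in open_input_file(). Any other caller with a zero-stream input would reach `av_calloc(0, sizeof(*opts))`; if that returns NULL, the tool exits with "Could not alloc memory" for something that is not an allocation failure. Keeping the guard in the helper and documenting the NULL return for the zero-stream case is safer than moving it to one call site. The updated header comment says "Calls exit() on failure" while the code calls `exit_program(1)`; naming the actual function would point readers at the cleanup path.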
@@ -1191,9 +1191,10 @@ static int open_input_file(OptionsContext *o, const char *filename) choose_decoder(o, ic, ic->streams[i]); if (find_stream_info) { -AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts); +AVDictionary **opts = NULL; int orig_nb_streams = ic->nb_streams; - +if (orig_nb_streams > 0) +opts = setup_find_stream_info_opts(ic, o->g->codec_opts); /* If not enough info to get the stream parameters, we decode the first frames to get it. (used in mpeg case for example) */ ret = avformat_find_stream_info(ic, opts); -- 2.33.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH v2] libswresample/swresamplec: Err num(negative-size) was used as a function parameter
If cannot allocate memory, ERROR(ENOMEM) '-12' as a parameter will be constantly being returned. When run resample() firstly, negative size param would cause buffer-overflow and SEGV in swri_rematrix(). When run swri_rematrix() firstly, resample() would not cause error but Err num as a wrong parameter passing. Err num should be returned immediately. And remove assert to ensure the return of the error code. coredump info: #0 0x499517 in posix_memalign (/home/r1/ffmpeg/ffmpeg_4.4.1+0x499517) #1 0x6c1f0b4 in av_malloc /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/mem.c:86:9 #2 0x6c208fe in av_mallocz /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/mem.c:239:17 #3 0x6c207ad in av_mallocz_array /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/mem.c:195:12 #4 0x654b2e5 in swri_realloc_audio /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libswresample/swresample.c:418:14 #5 0x654f9a1 in swr_convert_internal /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libswresample/swresample.c:601:17 #6 0x654d2c0 in swr_convert /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libswresample/swresample.c:766:19 #7 0x186cf56 in flush_frame /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/af_aresample.c:251:13 #8 0x186a454 in request_frame /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/af_aresample.c:288:20 #9 0x787d9c in ff_request_frame_to_filter /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfilter.c:459:15 #10 0x7877f1 in forward_status_change /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfilter.c:1257:19 #11 0x77ed7e in ff_filter_activate_default /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfilter.c:1288:20 #12 0x77e4e1 in ff_filter_activate /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfilter.c:1441:11 #13 0x793b3f in ff_filter_graph_run_once /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfiltergraph.c:1403:12 #14 0x7a7bee in get_frame_internal /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/buffersink.c:131:19 #15 0x7a7287 in av_buffersink_get_frame_flags 
/home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/buffersink.c:142:12 #16 0x792888 in avfilter_graph_request_oldest /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavfilter/avfiltergraph.c:1356:17 #17 0x5d07df in transcode_from_filter /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4639:11 #18 0x59e557 in transcode_step /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4729:20 #19 0x593970 in transcode /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4805:15 #20 0x58f7a4 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:5010:9 #21 0x7f6fd2dee0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 SUMMARY: AddressSanitizer: negative-size-param (/home/r1/ffmpeg/ffmpeg_4.4.1+0x497e67) in __asan_memcpy Reported-by: TOTE Robot Signed-off-by: Yu Yang --- libswresample/swresample.c | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libswresample/swresample.c b/libswresample/swresample.c index c03fe5528f..16734c9df9 100644 --- a/libswresample/swresample.c +++ b/libswresample/swresample.c @@ -643,14 +643,16 @@ static int swr_convert_internal(struct SwrContext *s, AudioData *out, int out_co if(s->resample_first){ if(postin != midbuf) -out_count= resample(s, midbuf, out_count, postin, in_count); +if ((out_count = resample(s, midbuf, out_count, postin, in_count)) < 0) +return out_count; if(midbuf != preout) swri_rematrix(s, preout, midbuf, out_count, preout==out); }else{ if(postin != midbuf) swri_rematrix(s, midbuf, postin, in_count, midbuf==out); if(midbuf != preout) -out_count= resample(s, preout, out_count, midbuf, in_count); +if ((out_count = resample(s, preout, out_count, midbuf, in_count)) < 0) +return out_count; } if(preout != out && out_count){ 
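Review bot: In both branches the resample() call is now an assignment inside the condition of an `if` nested directly under another brace-less `if`. That is easy to misread and would bind unexpectedly if an `else` were ever added. Braces on the outer `if`, with the assignment on its own line followed by `if (out_count < 0) return out_count;`, express the same logic more plainly. swr_convert_internal() continues outside the hunk, so whether the early return skips bookkeeping that must still run cannot be judged from here.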
@@ -769,7 +771,7 @@ int attribute_align_arg swr_convert(struct SwrContext *s, if(ret>0 && !s->drop_output) s->outpts += ret * (int64_t)s->in_sample_rate; -av_assert2(max_output < 0 || ret < 0 || ret <= max_output); +av_assert2(max_output < 0 || ret <= max_output); return ret; }else{ -- 2.33.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH] libavcodec/pthread_framec: remove duplicate pointers
From: Yu Yang '*src' and '*avctx' point to the same memory. It is enough to keep one of them. Signed-off-by: Yu Yang --- libavcodec/pthread_frame.c | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c index 73b1b7d7d9..98f88f7732 100644 --- a/libavcodec/pthread_frame.c +++ b/libavcodec/pthread_frame.c @@ -765,14 +765,14 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count) static av_cold int init_thread(PerThreadContext *p, int *threads_to_free, FrameThreadContext *fctx, AVCodecContext *avctx, - AVCodecContext *src, const AVCodec *codec, int first) +const AVCodec *codec, int first) { AVCodecContext *copy; int err; atomic_init(&p->state, STATE_INPUT_READY); -copy = av_memdup(src, sizeof(*src)); +copy = av_memdup(avctx, sizeof(*avctx)); if (!copy) return AVERROR(ENOMEM); copy->priv_data = NULL; @@ -784,7 +784,7 @@ static av_cold int init_thread(PerThreadContext *p, int *threads_to_free, p->parent = fctx; p->avctx = copy; -copy->internal = av_memdup(src->internal, sizeof(*src->internal)); +copy->internal = av_memdup(avctx->internal, sizeof(*avctx->internal)); if (!copy->internal) return AVERROR(ENOMEM); copy->internal->thread_ctx = p; @@ -798,7 +798,7 @@ static av_cold int init_thread(PerThreadContext *p, int *threads_to_free, if (codec->priv_class) { *(const AVClass **)copy->priv_data = codec->priv_class; -err = av_opt_copy(copy->priv_data, src->priv_data); +err = av_opt_copy(copy->priv_data, avctx->priv_data); if (err < 0) return err; } @@ -843,7 +843,6 @@ int ff_frame_thread_init(AVCodecContext *avctx) { int thread_count = avctx->thread_count; const AVCodec *codec = avctx->codec; -AVCodecContext *src = avctx; FrameThreadContext *fctx; int err, i = 0; 
@@ -876,7 +875,7 @@ int ff_frame_thread_init(AVCodecContext *avctx) fctx->delaying = 1; if (codec->type == AVMEDIA_TYPE_VIDEO) -avctx->delay = src->thread_count - 1; +avctx->delay = avctx->thread_count - 1; fctx->threads = av_calloc(thread_count, sizeof(*fctx->threads)); if (!fctx->threads) { @@ -888,7 +887,7 @@ int ff_frame_thread_init(AVCodecContext *avctx) PerThreadContext *p = &fctx->threads[i]; int first = !i; -err = init_thread(p, &i, fctx, avctx, src, codec, first); +err = init_thread(p, &i, fctx, avctx, codec, first); if (err < 0) goto error; } -- 2.33.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH v5] fftools/cmdutils: Avoid crash when opts could not be allocated
From: Yu Yang If 'opts' could not be allocated, exiting the program to avoid crash when release it. Reported-by: TOTE Robot Signed-off-by: Yu Yang --- fftools/cmdutils.c | 2 +- fftools/cmdutils.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/fftools/cmdutils.c b/fftools/cmdutils.c index 3c8e5a82cd..882584e9c2 100644 --- a/fftools/cmdutils.c +++ b/fftools/cmdutils.c @@ -2187,7 +2187,7 @@ AVDictionary **setup_find_stream_info_opts(AVFormatContext *s, if (!opts) { av_log(NULL, AV_LOG_ERROR, "Could not alloc memory for stream options.\n"); -return NULL; +exit_program(1); } for (i = 0; i < s->nb_streams; i++) opts[i] = filter_codec_opts(codec_opts, s->streams[i]->codecpar->codec_id, diff --git a/fftools/cmdutils.h b/fftools/cmdutils.h index 82cda208be..50eed9b13a 100644 --- a/fftools/cmdutils.h +++ b/fftools/cmdutils.h @@ -430,8 +430,8 @@ AVDictionary *filter_codec_opts(AVDictionary *opts, enum AVCodecID codec_id, * Each dictionary will contain the options from codec_opts which can * be applied to the corresponding stream codec context. * - * @return pointer to the created array of dictionaries, NULL if it - * cannot be created + * @return pointer to the created array of dictionaries. + * Calls exit() on failure. */ AVDictionary **setup_find_stream_info_opts(AVFormatContext *s, AVDictionary *codec_opts); -- 2.33.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
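Review bot: The revised header comment promises either a valid array or process exit, but this version touches only the allocation-failure branch. Earlier revisions of the patch show `if (!s->nb_streams) return NULL;` just above it. If that guard is still present, NULL remains a possible return value and callers must keep tolerating it. The doc should say so, for example `@return pointer to the created array of dictionaries, NULL if the context has no streams. Calls exit_program() if allocation fails.`. The comment should also name `exit_program()`, the function actually called, rather than `exit()`.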