| Message ID | 20171025235432.35640-1-lq@chinaffmpeg.org |
|---|---|
| State | Accepted |
| Commit | f5208307618d992ddd2d96866cf5a267c9bc7165 |
| Headers | show |
> 在 2017年10月26日,上午7:54,Steven Liu <lq@chinaffmpeg.org> 写道: > > fix ticket id: #6777 > when use argument hls_segment_filename, the basename_size will be 0 > > Signed-off-by: Steven Liu <lq@chinaffmpeg.org> > --- > libavformat/hlsenc.c | 16 +++++++++++----- > 1 file changed, 11 insertions(+), 5 deletions(-) > > diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c > index 418f153c6f..55ce800c5a 100644 > --- a/libavformat/hlsenc.c > +++ b/libavformat/hlsenc.c > @@ -1335,6 +1335,7 @@ static int hls_write_header(AVFormatContext *s) > AVDictionary *options = NULL; > int basename_size = 0; > int vtt_basename_size = 0; > + int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1; > > if (hls->segment_type == SEGMENT_TYPE_FMP4) { > pattern = "%d.m4s"; > @@ -1445,7 +1446,6 @@ static int hls_write_header(AVFormatContext *s) > } > > if (av_strcasecmp(hls->fmp4_init_filename, "init.mp4")) { > - int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1; > hls->base_output_dirname = av_malloc(fmp4_init_filename_len); > if (!hls->base_output_dirname) { > ret = AVERROR(ENOMEM); > @@ -1453,19 +1453,25 @@ static int hls_write_header(AVFormatContext *s) > } > av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, fmp4_init_filename_len); > } else { > - hls->base_output_dirname = av_malloc(basename_size); > + if (basename_size > 0) { > + hls->base_output_dirname = av_malloc(basename_size); > + } else { > + hls->base_output_dirname = av_malloc(strlen(hls->fmp4_init_filename)); > + } > if (!hls->base_output_dirname) { > ret = AVERROR(ENOMEM); > goto fail; > } > > - av_strlcpy(hls->base_output_dirname, s->filename, basename_size); > - p = strrchr(hls->base_output_dirname, '/'); > + if (basename_size > 0) { > + av_strlcpy(hls->base_output_dirname, s->filename, basename_size); > + p = strrchr(hls->base_output_dirname, '/'); > + } > if (p) { > *(p + 1) = '\0'; > av_strlcat(hls->base_output_dirname, hls->fmp4_init_filename, basename_size); > } else { > - av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, basename_size); > + av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, fmp4_init_filename_len); > } > } > > -- > 2.11.0 (Apple Git-81) > Applied! Thanks
On Sun, 29 Oct 2017, Liu Steven wrote: > >> 在 2017年10月26日,上午7:54,Steven Liu <lq@chinaffmpeg.org> 写道: >> >> fix ticket id: #6777 >> when use argument hls_segment_filename, the basename_size will be 0 >> >> Signed-off-by: Steven Liu <lq@chinaffmpeg.org> >> --- >> libavformat/hlsenc.c | 16 +++++++++++----- >> 1 file changed, 11 insertions(+), 5 deletions(-) >> >> diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c >> index 418f153c6f..55ce800c5a 100644 >> --- a/libavformat/hlsenc.c >> +++ b/libavformat/hlsenc.c >> @@ -1335,6 +1335,7 @@ static int hls_write_header(AVFormatContext *s) >> AVDictionary *options = NULL; >> int basename_size = 0; >> int vtt_basename_size = 0; >> + int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1; >> >> if (hls->segment_type == SEGMENT_TYPE_FMP4) { >> pattern = "%d.m4s"; >> @@ -1445,7 +1446,6 @@ static int hls_write_header(AVFormatContext *s) >> } >> >> if (av_strcasecmp(hls->fmp4_init_filename, "init.mp4")) { >> - int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1; >> hls->base_output_dirname = av_malloc(fmp4_init_filename_len); >> if (!hls->base_output_dirname) { >> ret = AVERROR(ENOMEM); >> @@ -1453,19 +1453,25 @@ static int hls_write_header(AVFormatContext *s) >> } >> av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, fmp4_init_filename_len); >> } else { >> - hls->base_output_dirname = av_malloc(basename_size); >> + if (basename_size > 0) { >> + hls->base_output_dirname = av_malloc(basename_size); >> + } else { >> + hls->base_output_dirname = av_malloc(strlen(hls->fmp4_init_filename)); >> + } >> if (!hls->base_output_dirname) { >> ret = AVERROR(ENOMEM); >> goto fail; >> } >> >> - av_strlcpy(hls->base_output_dirname, s->filename, basename_size); >> - p = strrchr(hls->base_output_dirname, '/'); >> + if (basename_size > 0) { >> + av_strlcpy(hls->base_output_dirname, s->filename, basename_size); >> + p = strrchr(hls->base_output_dirname, '/'); >> + } >> if (p) { >> *(p + 1) = '\0'; >> av_strlcat(hls->base_output_dirname, hls->fmp4_init_filename, basename_size); >> } else { >> - av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, basename_size); >> + av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, fmp4_init_filename_len); >> } >> } >> >> -- >> 2.11.0 (Apple Git-81) >> > > Applied! > This breaks fate-filter-hls-append, ffmpeg crashes or infinite loops for me: ==8410== Invalid write of size 1 ==8410== at 0x102DD63: av_strlcpy (avstring.c:89) ==8410== by 0x6627D9: hls_write_header (hlsenc.c:1474) ==8410== by 0x6BD7E1: write_header_internal (mux.c:466) ==8410== by 0x6BF678: avformat_write_header (mux.c:519) ==8410== by 0x4A74D8: check_init_output_file (ffmpeg.c:2933) ==8410== by 0x4A8A55: init_output_stream.constprop.22 (ffmpeg.c:3572) ==8410== by 0x4AC645: reap_filters (ffmpeg.c:1424) ==8410== by 0x48F45E: transcode_step (ffmpeg.c:4540) ==8410== by 0x48F45E: transcode (ffmpeg.c:4584) ==8410== by 0x48F45E: main (ffmpeg.c:4790) ==8410== Address 0xb3ded28 is 0 bytes after a block of size 8 alloc'd ==8410== at 0x4C2B5D0: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==8410== by 0x4C2B6E7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==8410== by 0x1044809: av_malloc (mem.c:87) ==8410== by 0x661DC0: hls_write_header (hlsenc.c:1459) ==8410== by 0x6BD7E1: write_header_internal (mux.c:466) ==8410== by 0x6BF678: avformat_write_header (mux.c:519) ==8410== by 0x4A74D8: check_init_output_file (ffmpeg.c:2933) ==8410== by 0x4A8A55: init_output_stream.constprop.22 (ffmpeg.c:3572) ==8410== by 0x4AC645: reap_filters (ffmpeg.c:1424) ==8410== by 0x48F45E: transcode_step (ffmpeg.c:4540) ==8410== by 0x48F45E: transcode (ffmpeg.c:4584) ==8410== by 0x48F45E: main (ffmpeg.c:4790) ==8410== Regards, Marton
On Wed, 1 Nov 2017, Marton Balint wrote: > > On Sun, 29 Oct 2017, Liu Steven wrote: > >> >>> 在 2017年10月26日,上午7:54,Steven Liu <lq@chinaffmpeg.org> 写道: >>> >>> fix ticket id: #6777 >>> when use argument hls_segment_filename, the basename_size will be 0 >>> >>> Signed-off-by: Steven Liu <lq@chinaffmpeg.org> >>> --- >>> libavformat/hlsenc.c | 16 +++++++++++----- >>> 1 file changed, 11 insertions(+), 5 deletions(-) >>> >>> diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c >>> index 418f153c6f..55ce800c5a 100644 >>> --- a/libavformat/hlsenc.c >>> +++ b/libavformat/hlsenc.c >>> @@ -1335,6 +1335,7 @@ static int hls_write_header(AVFormatContext *s) >>> AVDictionary *options = NULL; >>> int basename_size = 0; >>> int vtt_basename_size = 0; >>> + int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1; >>> >>> if (hls->segment_type == SEGMENT_TYPE_FMP4) { >>> pattern = "%d.m4s"; >>> @@ -1445,7 +1446,6 @@ static int hls_write_header(AVFormatContext *s) >>> } >>> >>> if (av_strcasecmp(hls->fmp4_init_filename, "init.mp4")) { >>> - int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1; >>> hls->base_output_dirname = av_malloc(fmp4_init_filename_len); >>> if (!hls->base_output_dirname) { >>> ret = AVERROR(ENOMEM); >>> @@ -1453,19 +1453,25 @@ static int hls_write_header(AVFormatContext *s) >>> } >>> av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, > fmp4_init_filename_len); >>> } else { >>> - hls->base_output_dirname = av_malloc(basename_size); >>> + if (basename_size > 0) { >>> + hls->base_output_dirname = av_malloc(basename_size); >>> + } else { >>> + hls->base_output_dirname = > av_malloc(strlen(hls->fmp4_init_filename)); >>> + } >>> if (!hls->base_output_dirname) { >>> ret = AVERROR(ENOMEM); >>> goto fail; >>> } >>> >>> - av_strlcpy(hls->base_output_dirname, s->filename, basename_size); >>> - p = strrchr(hls->base_output_dirname, '/'); >>> + if (basename_size > 0) { >>> + av_strlcpy(hls->base_output_dirname, s->filename, > basename_size); >>> + p = strrchr(hls->base_output_dirname, '/'); >>> + } >>> if (p) { >>> *(p + 1) = '\0'; >>> av_strlcat(hls->base_output_dirname, hls->fmp4_init_filename, > basename_size); >>> } else { >>> - av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, > basename_size); >>> + av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, > fmp4_init_filename_len); >>> } >>> } >>> >>> -- >>> 2.11.0 (Apple Git-81) >>> >> >> Applied! >> > > This breaks fate-filter-hls-append, ffmpeg crashes or infinite loops for > me: > > ==8410== Invalid write of size 1 > ==8410== at 0x102DD63: av_strlcpy (avstring.c:89) > ==8410== by 0x6627D9: hls_write_header (hlsenc.c:1474) > ==8410== by 0x6BD7E1: write_header_internal (mux.c:466) > ==8410== by 0x6BF678: avformat_write_header (mux.c:519) > ==8410== by 0x4A74D8: check_init_output_file (ffmpeg.c:2933) > ==8410== by 0x4A8A55: init_output_stream.constprop.22 (ffmpeg.c:3572) > ==8410== by 0x4AC645: reap_filters (ffmpeg.c:1424) > ==8410== by 0x48F45E: transcode_step (ffmpeg.c:4540) > ==8410== by 0x48F45E: transcode (ffmpeg.c:4584) > ==8410== by 0x48F45E: main (ffmpeg.c:4790) > ==8410== Address 0xb3ded28 is 0 bytes after a block of size 8 alloc'd > ==8410== at 0x4C2B5D0: memalign (in > /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) > ==8410== by 0x4C2B6E7: posix_memalign (in > /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) > ==8410== by 0x1044809: av_malloc (mem.c:87) > ==8410== by 0x661DC0: hls_write_header (hlsenc.c:1459) > ==8410== by 0x6BD7E1: write_header_internal (mux.c:466) > ==8410== by 0x6BF678: avformat_write_header (mux.c:519) > ==8410== by 0x4A74D8: check_init_output_file (ffmpeg.c:2933) > ==8410== by 0x4A8A55: init_output_stream.constprop.22 (ffmpeg.c:3572) > ==8410== by 0x4AC645: reap_filters (ffmpeg.c:1424) > ==8410== by 0x48F45E: transcode_step (ffmpeg.c:4540) > ==8410== by 0x48F45E: transcode (ffmpeg.c:4584) > ==8410== by 0x48F45E: main (ffmpeg.c:4790) > ==8410== The above trace is for the offending commit, here is one for the current git master: ==8580== Invalid write of size 1 ==8580== at 0x102CD13: av_strlcpy (avstring.c:89) ==8580== by 0x661B19: hls_write_header (hlsenc.c:1472) ==8580== by 0x6BD751: write_header_internal (mux.c:466) ==8580== by 0x6BF5E8: avformat_write_header (mux.c:519) ==8580== by 0x4A5058: check_init_output_file (ffmpeg.c:2939) ==8580== by 0x4A65D5: init_output_stream.constprop.23 (ffmpeg.c:3578) ==8580== by 0x4AABB5: reap_filters (ffmpeg.c:1424) ==8580== by 0x4AFFF8: transcode_step (ffmpeg.c:4546) ==8580== by 0x4AFFF8: transcode (ffmpeg.c:4590) ==8580== by 0x48DF41: main (ffmpeg.c:4796) ==8580== Address 0xb3debe8 is 0 bytes after a block of size 8 alloc'd ==8580== at 0x4C2B5D0: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==8580== by 0x4C2B6E7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==8580== by 0x10436D9: av_malloc (mem.c:87) ==8580== by 0x661100: hls_write_header (hlsenc.c:1457) ==8580== by 0x6BD751: write_header_internal (mux.c:466) ==8580== by 0x6BF5E8: avformat_write_header (mux.c:519) ==8580== by 0x4A5058: check_init_output_file (ffmpeg.c:2939) ==8580== by 0x4A65D5: init_output_stream.constprop.23 (ffmpeg.c:3578) ==8580== by 0x4AABB5: reap_filters (ffmpeg.c:1424) ==8580== by 0x4AFFF8: transcode_step (ffmpeg.c:4546) ==8580== by 0x4AFFF8: transcode (ffmpeg.c:4590) ==8580== by 0x48DF41: main (ffmpeg.c:4796) ==8580== Regards, Marton
> 在 2017年11月2日,上午3:18,Marton Balint <cus@passwd.hu> 写道: > > > On Wed, 1 Nov 2017, Marton Balint wrote: > >> >> On Sun, 29 Oct 2017, Liu Steven wrote: >> >>> >>>> 在 2017年10月26日,上午7:54,Steven Liu <lq@chinaffmpeg.org> 写道: >>>> fix ticket id: #6777 >>>> when use argument hls_segment_filename, the basename_size will be 0 >>>> Signed-off-by: Steven Liu <lq@chinaffmpeg.org> >>>> --- >>>> libavformat/hlsenc.c | 16 +++++++++++----- >>>> 1 file changed, 11 insertions(+), 5 deletions(-) >>>> diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c >>>> index 418f153c6f..55ce800c5a 100644 >>>> --- a/libavformat/hlsenc.c >>>> +++ b/libavformat/hlsenc.c >>>> @@ -1335,6 +1335,7 @@ static int hls_write_header(AVFormatContext *s) >>>> AVDictionary *options = NULL; >>>> int basename_size = 0; >>>> int vtt_basename_size = 0; >>>> + int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1; >>>> >>>> if (hls->segment_type == SEGMENT_TYPE_FMP4) { >>>> pattern = "%d.m4s"; >>>> @@ -1445,7 +1446,6 @@ static int hls_write_header(AVFormatContext *s) >>>> } >>>> >>>> if (av_strcasecmp(hls->fmp4_init_filename, "init.mp4")) { >>>> - int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1; >>>> hls->base_output_dirname = av_malloc(fmp4_init_filename_len); >>>> if (!hls->base_output_dirname) { >>>> ret = AVERROR(ENOMEM); >>>> @@ -1453,19 +1453,25 @@ static int hls_write_header(AVFormatContext *s) >>>> } >>>> av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, >> fmp4_init_filename_len); >>>> } else { >>>> - hls->base_output_dirname = av_malloc(basename_size); >>>> + if (basename_size > 0) { >>>> + hls->base_output_dirname = av_malloc(basename_size); >>>> + } else { >>>> + hls->base_output_dirname = >> av_malloc(strlen(hls->fmp4_init_filename)); >>>> + } >>>> if (!hls->base_output_dirname) { >>>> ret = AVERROR(ENOMEM); >>>> goto fail; >>>> } >>>> - av_strlcpy(hls->base_output_dirname, s->filename, basename_size); >>>> - p = strrchr(hls->base_output_dirname, '/'); >>>> + if (basename_size > 0) { >>>> + av_strlcpy(hls->base_output_dirname, s->filename, >> basename_size); >>>> + p = strrchr(hls->base_output_dirname, '/'); >>>> + } >>>> if (p) { >>>> *(p + 1) = '\0'; >>>> av_strlcat(hls->base_output_dirname, hls->fmp4_init_filename, >> basename_size); >>>> } else { >>>> - av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, >> basename_size); >>>> + av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, >> fmp4_init_filename_len); >>>> } >>>> } >>>> -- >>>> 2.11.0 (Apple Git-81) >>> >>> Applied! >>> >> >> This breaks fate-filter-hls-append, ffmpeg crashes or infinite loops for me: >> >> ==8410== Invalid write of size 1 >> ==8410== at 0x102DD63: av_strlcpy (avstring.c:89) >> ==8410== by 0x6627D9: hls_write_header (hlsenc.c:1474) >> ==8410== by 0x6BD7E1: write_header_internal (mux.c:466) >> ==8410== by 0x6BF678: avformat_write_header (mux.c:519) >> ==8410== by 0x4A74D8: check_init_output_file (ffmpeg.c:2933) >> ==8410== by 0x4A8A55: init_output_stream.constprop.22 (ffmpeg.c:3572) >> ==8410== by 0x4AC645: reap_filters (ffmpeg.c:1424) >> ==8410== by 0x48F45E: transcode_step (ffmpeg.c:4540) >> ==8410== by 0x48F45E: transcode (ffmpeg.c:4584) >> ==8410== by 0x48F45E: main (ffmpeg.c:4790) >> ==8410== Address 0xb3ded28 is 0 bytes after a block of size 8 alloc'd >> ==8410== at 0x4C2B5D0: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >> ==8410== by 0x4C2B6E7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >> ==8410== by 0x1044809: av_malloc (mem.c:87) >> ==8410== by 0x661DC0: hls_write_header (hlsenc.c:1459) >> ==8410== by 0x6BD7E1: write_header_internal (mux.c:466) >> ==8410== by 0x6BF678: avformat_write_header (mux.c:519) >> ==8410== by 0x4A74D8: check_init_output_file (ffmpeg.c:2933) >> ==8410== by 0x4A8A55: init_output_stream.constprop.22 (ffmpeg.c:3572) >> ==8410== by 0x4AC645: reap_filters (ffmpeg.c:1424) >> ==8410== by 0x48F45E: transcode_step (ffmpeg.c:4540) >> ==8410== by 0x48F45E: transcode (ffmpeg.c:4584) >> ==8410== by 0x48F45E: main (ffmpeg.c:4790) >> ==8410== > > The above trace is for the offending commit, here is one for the current git master: > > ==8580== Invalid write of size 1 > ==8580== at 0x102CD13: av_strlcpy (avstring.c:89) > ==8580== by 0x661B19: hls_write_header (hlsenc.c:1472) > ==8580== by 0x6BD751: write_header_internal (mux.c:466) > ==8580== by 0x6BF5E8: avformat_write_header (mux.c:519) > ==8580== by 0x4A5058: check_init_output_file (ffmpeg.c:2939) > ==8580== by 0x4A65D5: init_output_stream.constprop.23 (ffmpeg.c:3578) > ==8580== by 0x4AABB5: reap_filters (ffmpeg.c:1424) > ==8580== by 0x4AFFF8: transcode_step (ffmpeg.c:4546) > ==8580== by 0x4AFFF8: transcode (ffmpeg.c:4590) > ==8580== by 0x48DF41: main (ffmpeg.c:4796) > ==8580== Address 0xb3debe8 is 0 bytes after a block of size 8 alloc'd > ==8580== at 0x4C2B5D0: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) > ==8580== by 0x4C2B6E7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) > ==8580== by 0x10436D9: av_malloc (mem.c:87) > ==8580== by 0x661100: hls_write_header (hlsenc.c:1457) > ==8580== by 0x6BD751: write_header_internal (mux.c:466) > ==8580== by 0x6BF5E8: avformat_write_header (mux.c:519) > ==8580== by 0x4A5058: check_init_output_file (ffmpeg.c:2939) > ==8580== by 0x4A65D5: init_output_stream.constprop.23 (ffmpeg.c:3578) > ==8580== by 0x4AABB5: reap_filters (ffmpeg.c:1424) > ==8580== by 0x4AFFF8: transcode_step (ffmpeg.c:4546) > ==8580== by 0x4AFFF8: transcode (ffmpeg.c:4590) > ==8580== by 0x48DF41: main (ffmpeg.c:4796) I have send a new patch to fix it :) > ==8580== > > Regards, > Marton > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
On Thu, 2 Nov 2017, Liu Steven wrote: > >> 在 2017年11月2日,上午3:18,Marton Balint <cus@passwd.hu> 写道: >> >> >> On Wed, 1 Nov 2017, Marton Balint wrote: >> >>> >>> On Sun, 29 Oct 2017, Liu Steven wrote: >>> >>>> >>>>> 在 2017年10月26日,上午7:54,Steven Liu <lq@chinaffmpeg.org> 写道: >>>>> fix ticket id: #6777 >>>>> when use argument hls_segment_filename, the basename_size will be 0 >>>>> Signed-off-by: Steven Liu <lq@chinaffmpeg.org> >>>>> --- >>>>> libavformat/hlsenc.c | 16 +++++++++++----- >>>>> 1 file changed, 11 insertions(+), 5 deletions(-) >>>>> diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c >>>>> index 418f153c6f..55ce800c5a 100644 >>>>> --- a/libavformat/hlsenc.c >>>>> +++ b/libavformat/hlsenc.c >>>>> @@ -1335,6 +1335,7 @@ static int hls_write_header(AVFormatContext *s) >>>>> AVDictionary *options = NULL; >>>>> int basename_size = 0; >>>>> int vtt_basename_size = 0; >>>>> + int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1; >>>>> >>>>> if (hls->segment_type == SEGMENT_TYPE_FMP4) { >>>>> pattern = "%d.m4s"; >>>>> @@ -1445,7 +1446,6 @@ static int hls_write_header(AVFormatContext *s) >>>>> } >>>>> >>>>> if (av_strcasecmp(hls->fmp4_init_filename, "init.mp4")) { >>>>> - int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1; >>>>> hls->base_output_dirname = av_malloc(fmp4_init_filename_len); >>>>> if (!hls->base_output_dirname) { >>>>> ret = AVERROR(ENOMEM); >>>>> @@ -1453,19 +1453,25 @@ static int hls_write_header(AVFormatContext *s) >>>>> } >>>>> av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, >>> fmp4_init_filename_len); >>>>> } else { >>>>> - hls->base_output_dirname = av_malloc(basename_size); >>>>> + if (basename_size > 0) { >>>>> + hls->base_output_dirname = av_malloc(basename_size); >>>>> + } else { >>>>> + hls->base_output_dirname = >>> av_malloc(strlen(hls->fmp4_init_filename)); >>>>> + } >>>>> if (!hls->base_output_dirname) { >>>>> ret = AVERROR(ENOMEM); >>>>> goto fail; >>>>> } >>>>> - av_strlcpy(hls->base_output_dirname, s->filename, basename_size); >>>>> - p = strrchr(hls->base_output_dirname, '/'); >>>>> + if (basename_size > 0) { >>>>> + av_strlcpy(hls->base_output_dirname, s->filename, >>> basename_size); >>>>> + p = strrchr(hls->base_output_dirname, '/'); >>>>> + } >>>>> if (p) { >>>>> *(p + 1) = '\0'; >>>>> av_strlcat(hls->base_output_dirname, hls->fmp4_init_filename, >>> basename_size); >>>>> } else { >>>>> - av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, >>> basename_size); >>>>> + av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, >>> fmp4_init_filename_len); >>>>> } >>>>> } >>>>> -- >>>>> 2.11.0 (Apple Git-81) >>>> >>>> Applied! >>>> >>> >>> This breaks fate-filter-hls-append, ffmpeg crashes or infinite loops for me: >>> >>> ==8410== Invalid write of size 1 >>> ==8410== at 0x102DD63: av_strlcpy (avstring.c:89) >>> ==8410== by 0x6627D9: hls_write_header (hlsenc.c:1474) >>> ==8410== by 0x6BD7E1: write_header_internal (mux.c:466) >>> ==8410== by 0x6BF678: avformat_write_header (mux.c:519) >>> ==8410== by 0x4A74D8: check_init_output_file (ffmpeg.c:2933) >>> ==8410== by 0x4A8A55: init_output_stream.constprop.22 (ffmpeg.c:3572) >>> ==8410== by 0x4AC645: reap_filters (ffmpeg.c:1424) >>> ==8410== by 0x48F45E: transcode_step (ffmpeg.c:4540) >>> ==8410== by 0x48F45E: transcode (ffmpeg.c:4584) >>> ==8410== by 0x48F45E: main (ffmpeg.c:4790) >>> ==8410== Address 0xb3ded28 is 0 bytes after a block of size 8 alloc'd >>> ==8410== at 0x4C2B5D0: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >>> ==8410== by 0x4C2B6E7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >>> ==8410== by 0x1044809: av_malloc (mem.c:87) >>> ==8410== by 0x661DC0: hls_write_header (hlsenc.c:1459) >>> ==8410== by 0x6BD7E1: write_header_internal (mux.c:466) >>> ==8410== by 0x6BF678: avformat_write_header (mux.c:519) >>> ==8410== by 0x4A74D8: check_init_output_file (ffmpeg.c:2933) >>> ==8410== by 0x4A8A55: init_output_stream.constprop.22 (ffmpeg.c:3572) >>> ==8410== by 0x4AC645: reap_filters (ffmpeg.c:1424) >>> ==8410== by 0x48F45E: transcode_step (ffmpeg.c:4540) >>> ==8410== by 0x48F45E: transcode (ffmpeg.c:4584) >>> ==8410== by 0x48F45E: main (ffmpeg.c:4790) >>> ==8410== >> >> The above trace is for the offending commit, here is one for the current git master: >> >> ==8580== Invalid write of size 1 >> ==8580== at 0x102CD13: av_strlcpy (avstring.c:89) >> ==8580== by 0x661B19: hls_write_header (hlsenc.c:1472) >> ==8580== by 0x6BD751: write_header_internal (mux.c:466) >> ==8580== by 0x6BF5E8: avformat_write_header (mux.c:519) >> ==8580== by 0x4A5058: check_init_output_file (ffmpeg.c:2939) >> ==8580== by 0x4A65D5: init_output_stream.constprop.23 (ffmpeg.c:3578) >> ==8580== by 0x4AABB5: reap_filters (ffmpeg.c:1424) >> ==8580== by 0x4AFFF8: transcode_step (ffmpeg.c:4546) >> ==8580== by 0x4AFFF8: transcode (ffmpeg.c:4590) >> ==8580== by 0x48DF41: main (ffmpeg.c:4796) >> ==8580== Address 0xb3debe8 is 0 bytes after a block of size 8 alloc'd >> ==8580== at 0x4C2B5D0: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >> ==8580== by 0x4C2B6E7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >> ==8580== by 0x10436D9: av_malloc (mem.c:87) >> ==8580== by 0x661100: hls_write_header (hlsenc.c:1457) >> ==8580== by 0x6BD751: write_header_internal (mux.c:466) >> ==8580== by 0x6BF5E8: avformat_write_header (mux.c:519) >> ==8580== by 0x4A5058: check_init_output_file (ffmpeg.c:2939) >> ==8580== by 0x4A65D5: init_output_stream.constprop.23 (ffmpeg.c:3578) >> ==8580== by 0x4AABB5: reap_filters (ffmpeg.c:1424) >> ==8580== by 0x4AFFF8: transcode_step (ffmpeg.c:4546) >> ==8580== by 0x4AFFF8: transcode (ffmpeg.c:4590) >> ==8580== by 0x48DF41: main (ffmpeg.c:4796) > > I have send a new patch to fix it :) Thanks, your patch fixes it indeed. Regards, Marton
diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c index 418f153c6f..55ce800c5a 100644 --- a/libavformat/hlsenc.c +++ b/libavformat/hlsenc.c @@ -1335,6 +1335,7 @@ static int hls_write_header(AVFormatContext *s) AVDictionary *options = NULL; int basename_size = 0; int vtt_basename_size = 0; + int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1; if (hls->segment_type == SEGMENT_TYPE_FMP4) { pattern = "%d.m4s"; @@ -1445,7 +1446,6 @@ static int hls_write_header(AVFormatContext *s) } if (av_strcasecmp(hls->fmp4_init_filename, "init.mp4")) { - int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1; hls->base_output_dirname = av_malloc(fmp4_init_filename_len); if (!hls->base_output_dirname) { ret = AVERROR(ENOMEM); @@ -1453,19 +1453,25 @@ static int hls_write_header(AVFormatContext *s) } av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, fmp4_init_filename_len); } else { - hls->base_output_dirname = av_malloc(basename_size); + if (basename_size > 0) { + hls->base_output_dirname = av_malloc(basename_size); + } else { + hls->base_output_dirname = av_malloc(strlen(hls->fmp4_init_filename)); + } if (!hls->base_output_dirname) { ret = AVERROR(ENOMEM); goto fail; } - av_strlcpy(hls->base_output_dirname, s->filename, basename_size); - p = strrchr(hls->base_output_dirname, '/'); + if (basename_size > 0) { + av_strlcpy(hls->base_output_dirname, s->filename, basename_size); + p = strrchr(hls->base_output_dirname, '/'); + } if (p) { *(p + 1) = '\0'; av_strlcat(hls->base_output_dirname, hls->fmp4_init_filename, basename_size); } else { - av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, basename_size); + av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, fmp4_init_filename_len); } }
fix ticket id: #6777 when use argument hls_segment_filename, the basename_size will be 0 Signed-off-by: Steven Liu <lq@chinaffmpeg.org> --- libavformat/hlsenc.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-)