[FFmpeg-devel] fftools/ffmpeg_optc AVDictionary **opts, If memory allocation fails,

Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL.
This situation is compatible in avformat_find_stream_info(). 
Before av_dict_free(), the necessary checks were ignored.

// in fftools/ffmpeg_opt.c:1266
1067 static int open_input_file(OptionsContext *o, const char *filename)
1068 {
      ...
1191         AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts);
      ...
1196         ret = avformat_find_stream_info(ic, opts);
1197 
1198         for (i = 0; i < orig_nb_streams; i++)
1199             av_dict_free(&opts[i]);
      ...
1342 }
```
```c
// in libavutil/dict.c:203
203 void av_dict_free(AVDictionary **pm)
204 {
205     AVDictionary *m = *pm;
      ...
215 }

coredump backtrace info:
==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0)
==6235==The signal is caused by a READ memory access.
==6235==Hint: address points to the zero page.
    #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23
    #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13
    #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15
    #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11
    #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11
    #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d)

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Yu Yang <young_chelsea@163.com>
---
 fftools/ffmpeg_opt.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

Yu Yang:
> Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL.
> This situation is compatible in avformat_find_stream_info(). 
> Before av_dict_free(), the necessary checks were ignored.
> 
> // in fftools/ffmpeg_opt.c:1266
> 1067 static int open_input_file(OptionsContext *o, const char *filename)
> 1068 {
>       ...
> 1191         AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts);
>       ...
> 1196         ret = avformat_find_stream_info(ic, opts);
> 1197 
> 1198         for (i = 0; i < orig_nb_streams; i++)
> 1199             av_dict_free(&opts[i]);
>       ...
> 1342 }
> ```
> ```c
> // in libavutil/dict.c:203
> 203 void av_dict_free(AVDictionary **pm)
> 204 {
> 205     AVDictionary *m = *pm;
>       ...
> 215 }
> 
> coredump backtrace info:
> ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0)
> ==6235==The signal is caused by a READ memory access.
> ==6235==Hint: address points to the zero page.
>     #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23
>     #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13
>     #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15
>     #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11
>     #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11
>     #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
>     #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d)
> 
> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
> Signed-off-by: Yu Yang <young_chelsea@163.com>
> ---
>  fftools/ffmpeg_opt.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c
> index a27263b879..a9fc54d948 100644
> --- a/fftools/ffmpeg_opt.c
> +++ b/fftools/ffmpeg_opt.c
> @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename)
>          /* If not enough info to get the stream parameters, we decode the
>             first frames to get it. (used in mpeg case for example) */
>          ret = avformat_find_stream_info(ic, opts);
> -
> -        for (i = 0; i < orig_nb_streams; i++)
> -            av_dict_free(&opts[i]);
> -        av_freep(&opts);
> +        if (opts){
> +            for (i = 0; i < orig_nb_streams; i++)
> +                av_dict_free(&opts[i]);
> +            av_freep(&opts);
> +        }
>  
>          if (ret < 0) {
>              av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename);
> 

You should instead check setup_find_stream_info_opts() (either only call
it if orig_nb_streams is > 0 or modify it to return an error code given
that it can currently return NULL even on nonerror).

- Andreas

> 2021年12月3日 下午5:42，Andreas Rheinhardt <andreas.rheinhardt@outlook.com> 写道：
> 
> Yu Yang:
>> Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL.
>> This situation is compatible in avformat_find_stream_info(). 
>> Before av_dict_free(), the necessary checks were ignored.
>> 
>> // in fftools/ffmpeg_opt.c:1266
>> 1067 static int open_input_file(OptionsContext *o, const char *filename)
>> 1068 {
>>      ...
>> 1191         AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts);
>>      ...
>> 1196         ret = avformat_find_stream_info(ic, opts);
>> 1197 
>> 1198         for (i = 0; i < orig_nb_streams; i++)
>> 1199             av_dict_free(&opts[i]);
>>      ...
>> 1342 }
>> ```
>> ```c
>> // in libavutil/dict.c:203
>> 203 void av_dict_free(AVDictionary **pm)
>> 204 {
>> 205     AVDictionary *m = *pm;
>>      ...
>> 215 }
>> 
>> coredump backtrace info:
>> ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0)
>> ==6235==The signal is caused by a READ memory access.
>> ==6235==Hint: address points to the zero page.
>>    #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23
>>    #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13
>>    #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15
>>    #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11
>>    #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11
>>    #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
>>    #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d)
>> 
>> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
>> Signed-off-by: Yu Yang <young_chelsea@163.com>
>> ---
>> fftools/ffmpeg_opt.c | 9 +++++----
>> 1 file changed, 5 insertions(+), 4 deletions(-)
>> 
>> diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c
>> index a27263b879..a9fc54d948 100644
>> --- a/fftools/ffmpeg_opt.c
>> +++ b/fftools/ffmpeg_opt.c
>> @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename)
>>         /* If not enough info to get the stream parameters, we decode the
>>            first frames to get it. (used in mpeg case for example) */
>>         ret = avformat_find_stream_info(ic, opts);
>> -
>> -        for (i = 0; i < orig_nb_streams; i++)
>> -            av_dict_free(&opts[i]);
>> -        av_freep(&opts);
>> +        if (opts){
>> +            for (i = 0; i < orig_nb_streams; i++)
>> +                av_dict_free(&opts[i]);
>> +            av_freep(&opts);
>> +        }
>> 
>>         if (ret < 0) {
>>             av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename);
>> 
> 
> You should instead check setup_find_stream_info_opts() (either only call
> it if orig_nb_streams is > 0 or modify it to return an error code given
> that it can currently return NULL even on nonerror).
Thanks for your advice, i will try to fix it again.
> 
> - Andreas
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

> 2021年12月3日 下午8:06，Yy <young_chelsea@163.com> 写道：
> 
> 
> 
>> 2021年12月3日 下午5:42，Andreas Rheinhardt <andreas.rheinhardt@outlook.com <mailto:andreas.rheinhardt@outlook.com>> 写道：
>> 
>> Yu Yang:
>>> Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL.
>>> This situation is compatible in avformat_find_stream_info(). 
>>> Before av_dict_free(), the necessary checks were ignored.
>>> 
>>> // in fftools/ffmpeg_opt.c:1266
>>> 1067 static int open_input_file(OptionsContext *o, const char *filename)
>>> 1068 {
>>>     ...
>>> 1191         AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts);
>>>     ...
>>> 1196         ret = avformat_find_stream_info(ic, opts);
>>> 1197 
>>> 1198         for (i = 0; i < orig_nb_streams; i++)
>>> 1199             av_dict_free(&opts[i]);
>>>     ...
>>> 1342 }
>>> ```
>>> ```c
>>> // in libavutil/dict.c:203
>>> 203 void av_dict_free(AVDictionary **pm)
>>> 204 {
>>> 205     AVDictionary *m = *pm;
>>>     ...
>>> 215 }
>>> 
>>> coredump backtrace info:
>>> ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0)
>>> ==6235==The signal is caused by a READ memory access.
>>> ==6235==Hint: address points to the zero page.
>>>   #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23
>>>   #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13
>>>   #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15
>>>   #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11
>>>   #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11
>>>   #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
>>>   #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d)
>>> 
>>> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
>>> Signed-off-by: Yu Yang <young_chelsea@163.com>
>>> ---
>>> fftools/ffmpeg_opt.c | 9 +++++----
>>> 1 file changed, 5 insertions(+), 4 deletions(-)
>>> 
>>> diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c
>>> index a27263b879..a9fc54d948 100644
>>> --- a/fftools/ffmpeg_opt.c
>>> +++ b/fftools/ffmpeg_opt.c
>>> @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename)
>>>        /* If not enough info to get the stream parameters, we decode the
>>>           first frames to get it. (used in mpeg case for example) */
>>>        ret = avformat_find_stream_info(ic, opts);
>>> -
>>> -        for (i = 0; i < orig_nb_streams; i++)
>>> -            av_dict_free(&opts[i]);
>>> -        av_freep(&opts);
>>> +        if (opts){
>>> +            for (i = 0; i < orig_nb_streams; i++)
>>> +                av_dict_free(&opts[i]);
>>> +            av_freep(&opts);
>>> +        }
>>> 
>>>        if (ret < 0) {
>>>            av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename);
>>> 
>> 
>> You should instead check setup_find_stream_info_opts() (either only call
>> it if orig_nb_streams is > 0 or modify it to return an error code given
>> that it can currently return NULL even on nonerror).
> Thanks for your advice, i will try to fix it again.
>> - Andreas
Hi, I try to fix this problem lastday and it not work. Today, I refer to your suggestion 
above to modify. But I think may be you misunderstood this bug. Because of no alloc memory for stream opts, ‘&opts[I]’ free caused crash.  And if orig_nb_streams == 0, 
crash won’t happen. So I think it is unnecessary to fix it call setup_find_stream_info_opts()
If orig_nb_streams is > 0. Opts == NULL when  orig_nb_streams == 0 or no alloc memory. 
I don’t think it is error. Because avformat_find_stream_info() allow opts == NULL. 
But we need to check if opts == NULL before releasing. May be this fix is right?
How do you think?   
Thx.
-Yu Yang
>> ___________ ____________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel@ffmpeg.org <mailto:ffmpeg-devel@ffmpeg.org>
>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>
>> 
>> To unsubscribe, visit link above, or email
>> ffmpeg-devel-request@ffmpeg.org <mailto:ffmpeg-devel-request@ffmpeg.org> with subject "unsubscribe".

Yy:
> 
> 
>> 2021年12月3日 下午8:06，Yy <young_chelsea@163.com> 写道：
>>
>>
>>
>>> 2021年12月3日 下午5:42，Andreas Rheinhardt <andreas.rheinhardt@outlook.com <mailto:andreas.rheinhardt@outlook.com>> 写道：
>>>
>>> Yu Yang:
>>>> Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL.
>>>> This situation is compatible in avformat_find_stream_info(). 
>>>> Before av_dict_free(), the necessary checks were ignored.
>>>>
>>>> // in fftools/ffmpeg_opt.c:1266
>>>> 1067 static int open_input_file(OptionsContext *o, const char *filename)
>>>> 1068 {
>>>>     ...
>>>> 1191         AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts);
>>>>     ...
>>>> 1196         ret = avformat_find_stream_info(ic, opts);
>>>> 1197 
>>>> 1198         for (i = 0; i < orig_nb_streams; i++)
>>>> 1199             av_dict_free(&opts[i]);
>>>>     ...
>>>> 1342 }
>>>> ```
>>>> ```c
>>>> // in libavutil/dict.c:203
>>>> 203 void av_dict_free(AVDictionary **pm)
>>>> 204 {
>>>> 205     AVDictionary *m = *pm;
>>>>     ...
>>>> 215 }
>>>>
>>>> coredump backtrace info:
>>>> ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0)
>>>> ==6235==The signal is caused by a READ memory access.
>>>> ==6235==Hint: address points to the zero page.
>>>>   #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23
>>>>   #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13
>>>>   #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15
>>>>   #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11
>>>>   #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11
>>>>   #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
>>>>   #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d)
>>>>
>>>> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
>>>> Signed-off-by: Yu Yang <young_chelsea@163.com>
>>>> ---
>>>> fftools/ffmpeg_opt.c | 9 +++++----
>>>> 1 file changed, 5 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c
>>>> index a27263b879..a9fc54d948 100644
>>>> --- a/fftools/ffmpeg_opt.c
>>>> +++ b/fftools/ffmpeg_opt.c
>>>> @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename)
>>>>        /* If not enough info to get the stream parameters, we decode the
>>>>           first frames to get it. (used in mpeg case for example) */
>>>>        ret = avformat_find_stream_info(ic, opts);
>>>> -
>>>> -        for (i = 0; i < orig_nb_streams; i++)
>>>> -            av_dict_free(&opts[i]);
>>>> -        av_freep(&opts);
>>>> +        if (opts){
>>>> +            for (i = 0; i < orig_nb_streams; i++)
>>>> +                av_dict_free(&opts[i]);
>>>> +            av_freep(&opts);
>>>> +        }
>>>>
>>>>        if (ret < 0) {
>>>>            av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename);
>>>>
>>>
>>> You should instead check setup_find_stream_info_opts() (either only call
>>> it if orig_nb_streams is > 0 or modify it to return an error code given
>>> that it can currently return NULL even on nonerror).
>> Thanks for your advice, i will try to fix it again.
>>> - Andreas
> Hi, I try to fix this problem lastday and it not work. Today, I refer to your suggestion 
> above to modify. But I think may be you misunderstood this bug. Because of no alloc memory for stream opts, ‘&opts[I]’ free caused crash.  And if orig_nb_streams == 0, 
> crash won’t happen. So I think it is unnecessary to fix it call setup_find_stream_info_opts()
> If orig_nb_streams is > 0. Opts == NULL when  orig_nb_streams == 0 or no alloc memory. 
> I don’t think it is error. Because avformat_find_stream_info() allow opts == NULL. 
> But we need to check if opts == NULL before releasing. May be this fix is right?
> How do you think?   
> Thx.
> -Yu Yang

We don't need to check for opts == NULL before releasing if we actually
checked that this array has been properly allocated in case it needs to
be allocated; in case it could not be allocated, we should not call
avformat_find_stream_info() at all.

- Andreas

> 2021年12月7日 上午1:48，Andreas Rheinhardt <andreas.rheinhardt@outlook.com> 写道：
> 
> Yy:
>> 
>> 
>>> 2021年12月3日 下午8:06，Yy <young_chelsea@163.com> 写道：
>>> 
>>> 
>>> 
>>>> 2021年12月3日 下午5:42，Andreas Rheinhardt <andreas.rheinhardt@outlook.com <mailto:andreas.rheinhardt@outlook.com>> 写道：
>>>> 
>>>> Yu Yang:
>>>>> Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL.
>>>>> This situation is compatible in avformat_find_stream_info(). 
>>>>> Before av_dict_free(), the necessary checks were ignored.
>>>>> 
>>>>> // in fftools/ffmpeg_opt.c:1266
>>>>> 1067 static int open_input_file(OptionsContext *o, const char *filename)
>>>>> 1068 {
>>>>>    ...
>>>>> 1191         AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts);
>>>>>    ...
>>>>> 1196         ret = avformat_find_stream_info(ic, opts);
>>>>> 1197 
>>>>> 1198         for (i = 0; i < orig_nb_streams; i++)
>>>>> 1199             av_dict_free(&opts[i]);
>>>>>    ...
>>>>> 1342 }
>>>>> ```
>>>>> ```c
>>>>> // in libavutil/dict.c:203
>>>>> 203 void av_dict_free(AVDictionary **pm)
>>>>> 204 {
>>>>> 205     AVDictionary *m = *pm;
>>>>>    ...
>>>>> 215 }
>>>>> 
>>>>> coredump backtrace info:
>>>>> ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0)
>>>>> ==6235==The signal is caused by a READ memory access.
>>>>> ==6235==Hint: address points to the zero page.
>>>>>  #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23
>>>>>  #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13
>>>>>  #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15
>>>>>  #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11
>>>>>  #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11
>>>>>  #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
>>>>>  #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d)
>>>>> 
>>>>> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
>>>>> Signed-off-by: Yu Yang <young_chelsea@163.com>
>>>>> ---
>>>>> fftools/ffmpeg_opt.c | 9 +++++----
>>>>> 1 file changed, 5 insertions(+), 4 deletions(-)
>>>>> 
>>>>> diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c
>>>>> index a27263b879..a9fc54d948 100644
>>>>> --- a/fftools/ffmpeg_opt.c
>>>>> +++ b/fftools/ffmpeg_opt.c
>>>>> @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename)
>>>>>       /* If not enough info to get the stream parameters, we decode the
>>>>>          first frames to get it. (used in mpeg case for example) */
>>>>>       ret = avformat_find_stream_info(ic, opts);
>>>>> -
>>>>> -        for (i = 0; i < orig_nb_streams; i++)
>>>>> -            av_dict_free(&opts[i]);
>>>>> -        av_freep(&opts);
>>>>> +        if (opts){
>>>>> +            for (i = 0; i < orig_nb_streams; i++)
>>>>> +                av_dict_free(&opts[i]);
>>>>> +            av_freep(&opts);
>>>>> +        }
>>>>> 
>>>>>       if (ret < 0) {
>>>>>           av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename);
>>>>> 
>>>> 
>>>> You should instead check setup_find_stream_info_opts() (either only call
>>>> it if orig_nb_streams is > 0 or modify it to return an error code given
>>>> that it can currently return NULL even on nonerror).
>>> Thanks for your advice, i will try to fix it again.
>>>> - Andreas
>> Hi, I try to fix this problem lastday and it not work. Today, I refer to your suggestion 
>> above to modify. But I think may be you misunderstood this bug. Because of no alloc memory for stream opts, ‘&opts[I]’ free caused crash.  And if orig_nb_streams == 0, 
>> crash won’t happen. So I think it is unnecessary to fix it call setup_find_stream_info_opts()
>> If orig_nb_streams is > 0. Opts == NULL when  orig_nb_streams == 0 or no alloc memory. 
>> I don’t think it is error. Because avformat_find_stream_info() allow opts == NULL. 
>> But we need to check if opts == NULL before releasing. May be this fix is right?
>> How do you think?   
>> Thx.
>> -Yu Yang
> 
> We don't need to check for opts == NULL before releasing if we actually
> checked that this array has been properly allocated in case it needs to
> be allocated; in case it could not be allocated, we should not call
> avformat_find_stream_info() at all.
I got it now. You mean it is redundant to check opts twice. It should 
return error when it could not be allocated at first time.  I will resubmit a 
new patch today. 
Thanks for your answer.  : )  
> 
> - Andreas
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".