Message ID | 20211203093357.65777-1-young_chelsea@163.com |
---|---|
State | New |
Headers | show |
Series | [FFmpeg-devel] fftools/ffmpeg_optc AVDictionary **opts, If memory allocation fails, | expand |
Context | Check | Description |
---|---|---|
andriy/commit_msg_x86 | warning | The first line of the commit message must start with a context terminated by a colon and a space, for example "lavu/opt: " or "doc: ". |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
andriy/commit_msg_ppc | warning | The first line of the commit message must start with a context terminated by a colon and a space, for example "lavu/opt: " or "doc: ". |
andriy/make_ppc | success | Make finished |
andriy/make_fate_ppc | success | Make fate finished |
Yu Yang: > Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL. > This situation is compatible in avformat_find_stream_info(). > Before av_dict_free(), the necessary checks were ignored. > > // in fftools/ffmpeg_opt.c:1266 > 1067 static int open_input_file(OptionsContext *o, const char *filename) > 1068 { > ... > 1191 AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts); > ... > 1196 ret = avformat_find_stream_info(ic, opts); > 1197 > 1198 for (i = 0; i < orig_nb_streams; i++) > 1199 av_dict_free(&opts[i]); > ... > 1342 } > ``` > ```c > // in libavutil/dict.c:203 > 203 void av_dict_free(AVDictionary **pm) > 204 { > 205 AVDictionary *m = *pm; > ... > 215 } > > coredump backtrace info: > ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0) > ==6235==The signal is caused by a READ memory access. > ==6235==Hint: address points to the zero page. > #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23 > #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13 > #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15 > #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11 > #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11 > #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 > #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) > > Reported-by: TOTE Robot <oslab@tsinghua.edu.cn> > Signed-off-by: Yu Yang <young_chelsea@163.com> > --- > fftools/ffmpeg_opt.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c > index a27263b879..a9fc54d948 100644 > --- a/fftools/ffmpeg_opt.c > +++ b/fftools/ffmpeg_opt.c > @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename) > /* If not enough info to get the stream parameters, we decode the > first frames to get it. (used in mpeg case for example) */ > ret = avformat_find_stream_info(ic, opts); > - > - for (i = 0; i < orig_nb_streams; i++) > - av_dict_free(&opts[i]); > - av_freep(&opts); > + if (opts){ > + for (i = 0; i < orig_nb_streams; i++) > + av_dict_free(&opts[i]); > + av_freep(&opts); > + } > > if (ret < 0) { > av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename); > You should instead check setup_find_stream_info_opts() (either only call it if orig_nb_streams is > 0 or modify it to return an error code given that it can currently return NULL even on nonerror). - Andreas
> 2021年12月3日 下午5:42,Andreas Rheinhardt <andreas.rheinhardt@outlook.com> 写道: > > Yu Yang: >> Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL. >> This situation is compatible in avformat_find_stream_info(). >> Before av_dict_free(), the necessary checks were ignored. >> >> // in fftools/ffmpeg_opt.c:1266 >> 1067 static int open_input_file(OptionsContext *o, const char *filename) >> 1068 { >> ... >> 1191 AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts); >> ... >> 1196 ret = avformat_find_stream_info(ic, opts); >> 1197 >> 1198 for (i = 0; i < orig_nb_streams; i++) >> 1199 av_dict_free(&opts[i]); >> ... >> 1342 } >> ``` >> ```c >> // in libavutil/dict.c:203 >> 203 void av_dict_free(AVDictionary **pm) >> 204 { >> 205 AVDictionary *m = *pm; >> ... >> 215 } >> >> coredump backtrace info: >> ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0) >> ==6235==The signal is caused by a READ memory access. >> ==6235==Hint: address points to the zero page. >> #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23 >> #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13 >> #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15 >> #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11 >> #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11 >> #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 >> #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) >> >> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn> >> Signed-off-by: Yu Yang <young_chelsea@163.com> >> --- >> fftools/ffmpeg_opt.c | 9 +++++---- >> 1 file changed, 5 insertions(+), 4 deletions(-) >> >> diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c >> index a27263b879..a9fc54d948 100644 >> --- a/fftools/ffmpeg_opt.c >> +++ b/fftools/ffmpeg_opt.c >> @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename) >> /* If not enough info to get the stream parameters, we decode the >> first frames to get it. (used in mpeg case for example) */ >> ret = avformat_find_stream_info(ic, opts); >> - >> - for (i = 0; i < orig_nb_streams; i++) >> - av_dict_free(&opts[i]); >> - av_freep(&opts); >> + if (opts){ >> + for (i = 0; i < orig_nb_streams; i++) >> + av_dict_free(&opts[i]); >> + av_freep(&opts); >> + } >> >> if (ret < 0) { >> av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename); >> > > You should instead check setup_find_stream_info_opts() (either only call > it if orig_nb_streams is > 0 or modify it to return an error code given > that it can currently return NULL even on nonerror). Thanks for your advice, i will try to fix it again. > > - Andreas > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
> 2021年12月3日 下午8:06,Yy <young_chelsea@163.com> 写道: > > > >> 2021年12月3日 下午5:42,Andreas Rheinhardt <andreas.rheinhardt@outlook.com <mailto:andreas.rheinhardt@outlook.com>> 写道: >> >> Yu Yang: >>> Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL. >>> This situation is compatible in avformat_find_stream_info(). >>> Before av_dict_free(), the necessary checks were ignored. >>> >>> // in fftools/ffmpeg_opt.c:1266 >>> 1067 static int open_input_file(OptionsContext *o, const char *filename) >>> 1068 { >>> ... >>> 1191 AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts); >>> ... >>> 1196 ret = avformat_find_stream_info(ic, opts); >>> 1197 >>> 1198 for (i = 0; i < orig_nb_streams; i++) >>> 1199 av_dict_free(&opts[i]); >>> ... >>> 1342 } >>> ``` >>> ```c >>> // in libavutil/dict.c:203 >>> 203 void av_dict_free(AVDictionary **pm) >>> 204 { >>> 205 AVDictionary *m = *pm; >>> ... >>> 215 } >>> >>> coredump backtrace info: >>> ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0) >>> ==6235==The signal is caused by a READ memory access. >>> ==6235==Hint: address points to the zero page. >>> #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23 >>> #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13 >>> #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15 >>> #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11 >>> #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11 >>> #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 >>> #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) >>> >>> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn> >>> Signed-off-by: Yu Yang <young_chelsea@163.com> >>> --- >>> fftools/ffmpeg_opt.c | 9 +++++---- >>> 1 file changed, 5 insertions(+), 4 deletions(-) >>> >>> diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c >>> index a27263b879..a9fc54d948 100644 >>> --- a/fftools/ffmpeg_opt.c >>> +++ b/fftools/ffmpeg_opt.c >>> @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename) >>> /* If not enough info to get the stream parameters, we decode the >>> first frames to get it. (used in mpeg case for example) */ >>> ret = avformat_find_stream_info(ic, opts); >>> - >>> - for (i = 0; i < orig_nb_streams; i++) >>> - av_dict_free(&opts[i]); >>> - av_freep(&opts); >>> + if (opts){ >>> + for (i = 0; i < orig_nb_streams; i++) >>> + av_dict_free(&opts[i]); >>> + av_freep(&opts); >>> + } >>> >>> if (ret < 0) { >>> av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename); >>> >> >> You should instead check setup_find_stream_info_opts() (either only call >> it if orig_nb_streams is > 0 or modify it to return an error code given >> that it can currently return NULL even on nonerror). > Thanks for your advice, i will try to fix it again. >> - Andreas Hi, I try to fix this problem lastday and it not work. Today, I refer to your suggestion above to modify. But I think may be you misunderstood this bug. Because of no alloc memory for stream opts, ‘&opts[I]’ free caused crash. And if orig_nb_streams == 0, crash won’t happen. So I think it is unnecessary to fix it call setup_find_stream_info_opts() If orig_nb_streams is > 0. Opts == NULL when orig_nb_streams == 0 or no alloc memory. I don’t think it is error. Because avformat_find_stream_info() allow opts == NULL. But we need to check if opts == NULL before releasing. May be this fix is right? How do you think? Thx. -Yu Yang >> ___________ ____________________________________ >> ffmpeg-devel mailing list >> ffmpeg-devel@ffmpeg.org <mailto:ffmpeg-devel@ffmpeg.org> >> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel> >> >> To unsubscribe, visit link above, or email >> ffmpeg-devel-request@ffmpeg.org <mailto:ffmpeg-devel-request@ffmpeg.org> with subject "unsubscribe".
Yy: > > >> 2021年12月3日 下午8:06,Yy <young_chelsea@163.com> 写道: >> >> >> >>> 2021年12月3日 下午5:42,Andreas Rheinhardt <andreas.rheinhardt@outlook.com <mailto:andreas.rheinhardt@outlook.com>> 写道: >>> >>> Yu Yang: >>>> Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL. >>>> This situation is compatible in avformat_find_stream_info(). >>>> Before av_dict_free(), the necessary checks were ignored. >>>> >>>> // in fftools/ffmpeg_opt.c:1266 >>>> 1067 static int open_input_file(OptionsContext *o, const char *filename) >>>> 1068 { >>>> ... >>>> 1191 AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts); >>>> ... >>>> 1196 ret = avformat_find_stream_info(ic, opts); >>>> 1197 >>>> 1198 for (i = 0; i < orig_nb_streams; i++) >>>> 1199 av_dict_free(&opts[i]); >>>> ... >>>> 1342 } >>>> ``` >>>> ```c >>>> // in libavutil/dict.c:203 >>>> 203 void av_dict_free(AVDictionary **pm) >>>> 204 { >>>> 205 AVDictionary *m = *pm; >>>> ... >>>> 215 } >>>> >>>> coredump backtrace info: >>>> ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0) >>>> ==6235==The signal is caused by a READ memory access. >>>> ==6235==Hint: address points to the zero page. >>>> #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23 >>>> #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13 >>>> #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15 >>>> #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11 >>>> #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11 >>>> #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 >>>> #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) >>>> >>>> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn> >>>> Signed-off-by: Yu Yang <young_chelsea@163.com> >>>> --- >>>> fftools/ffmpeg_opt.c | 9 +++++---- >>>> 1 file changed, 5 insertions(+), 4 deletions(-) >>>> >>>> diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c >>>> index a27263b879..a9fc54d948 100644 >>>> --- a/fftools/ffmpeg_opt.c >>>> +++ b/fftools/ffmpeg_opt.c >>>> @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename) >>>> /* If not enough info to get the stream parameters, we decode the >>>> first frames to get it. (used in mpeg case for example) */ >>>> ret = avformat_find_stream_info(ic, opts); >>>> - >>>> - for (i = 0; i < orig_nb_streams; i++) >>>> - av_dict_free(&opts[i]); >>>> - av_freep(&opts); >>>> + if (opts){ >>>> + for (i = 0; i < orig_nb_streams; i++) >>>> + av_dict_free(&opts[i]); >>>> + av_freep(&opts); >>>> + } >>>> >>>> if (ret < 0) { >>>> av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename); >>>> >>> >>> You should instead check setup_find_stream_info_opts() (either only call >>> it if orig_nb_streams is > 0 or modify it to return an error code given >>> that it can currently return NULL even on nonerror). >> Thanks for your advice, i will try to fix it again. >>> - Andreas > Hi, I try to fix this problem lastday and it not work. Today, I refer to your suggestion > above to modify. But I think may be you misunderstood this bug. Because of no alloc memory for stream opts, ‘&opts[I]’ free caused crash. And if orig_nb_streams == 0, > crash won’t happen. So I think it is unnecessary to fix it call setup_find_stream_info_opts() > If orig_nb_streams is > 0. Opts == NULL when orig_nb_streams == 0 or no alloc memory. > I don’t think it is error. Because avformat_find_stream_info() allow opts == NULL. > But we need to check if opts == NULL before releasing. May be this fix is right? > How do you think? > Thx. > -Yu Yang We don't need to check for opts == NULL before releasing if we actually checked that this array has been properly allocated in case it needs to be allocated; in case it could not be allocated, we should not call avformat_find_stream_info() at all. - Andreas
> 2021年12月7日 上午1:48,Andreas Rheinhardt <andreas.rheinhardt@outlook.com> 写道: > > Yy: >> >> >>> 2021年12月3日 下午8:06,Yy <young_chelsea@163.com> 写道: >>> >>> >>> >>>> 2021年12月3日 下午5:42,Andreas Rheinhardt <andreas.rheinhardt@outlook.com <mailto:andreas.rheinhardt@outlook.com>> 写道: >>>> >>>> Yu Yang: >>>>> Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL. >>>>> This situation is compatible in avformat_find_stream_info(). >>>>> Before av_dict_free(), the necessary checks were ignored. >>>>> >>>>> // in fftools/ffmpeg_opt.c:1266 >>>>> 1067 static int open_input_file(OptionsContext *o, const char *filename) >>>>> 1068 { >>>>> ... >>>>> 1191 AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts); >>>>> ... >>>>> 1196 ret = avformat_find_stream_info(ic, opts); >>>>> 1197 >>>>> 1198 for (i = 0; i < orig_nb_streams; i++) >>>>> 1199 av_dict_free(&opts[i]); >>>>> ... >>>>> 1342 } >>>>> ``` >>>>> ```c >>>>> // in libavutil/dict.c:203 >>>>> 203 void av_dict_free(AVDictionary **pm) >>>>> 204 { >>>>> 205 AVDictionary *m = *pm; >>>>> ... >>>>> 215 } >>>>> >>>>> coredump backtrace info: >>>>> ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0) >>>>> ==6235==The signal is caused by a READ memory access. >>>>> ==6235==Hint: address points to the zero page. >>>>> #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23 >>>>> #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13 >>>>> #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15 >>>>> #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11 >>>>> #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11 >>>>> #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 >>>>> #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) >>>>> >>>>> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn> >>>>> Signed-off-by: Yu Yang <young_chelsea@163.com> >>>>> --- >>>>> fftools/ffmpeg_opt.c | 9 +++++---- >>>>> 1 file changed, 5 insertions(+), 4 deletions(-) >>>>> >>>>> diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c >>>>> index a27263b879..a9fc54d948 100644 >>>>> --- a/fftools/ffmpeg_opt.c >>>>> +++ b/fftools/ffmpeg_opt.c >>>>> @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename) >>>>> /* If not enough info to get the stream parameters, we decode the >>>>> first frames to get it. (used in mpeg case for example) */ >>>>> ret = avformat_find_stream_info(ic, opts); >>>>> - >>>>> - for (i = 0; i < orig_nb_streams; i++) >>>>> - av_dict_free(&opts[i]); >>>>> - av_freep(&opts); >>>>> + if (opts){ >>>>> + for (i = 0; i < orig_nb_streams; i++) >>>>> + av_dict_free(&opts[i]); >>>>> + av_freep(&opts); >>>>> + } >>>>> >>>>> if (ret < 0) { >>>>> av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename); >>>>> >>>> >>>> You should instead check setup_find_stream_info_opts() (either only call >>>> it if orig_nb_streams is > 0 or modify it to return an error code given >>>> that it can currently return NULL even on nonerror). >>> Thanks for your advice, i will try to fix it again. >>>> - Andreas >> Hi, I try to fix this problem lastday and it not work. Today, I refer to your suggestion >> above to modify. But I think may be you misunderstood this bug. Because of no alloc memory for stream opts, ‘&opts[I]’ free caused crash. And if orig_nb_streams == 0, >> crash won’t happen. So I think it is unnecessary to fix it call setup_find_stream_info_opts() >> If orig_nb_streams is > 0. Opts == NULL when orig_nb_streams == 0 or no alloc memory. >> I don’t think it is error. Because avformat_find_stream_info() allow opts == NULL. >> But we need to check if opts == NULL before releasing. May be this fix is right? >> How do you think? >> Thx. >> -Yu Yang > > We don't need to check for opts == NULL before releasing if we actually > checked that this array has been properly allocated in case it needs to > be allocated; in case it could not be allocated, we should not call > avformat_find_stream_info() at all. I got it now. You mean it is redundant to check opts twice. It should return error when it could not be allocated at first time. I will resubmit a new patch today. Thanks for your answer. : ) > > - Andreas > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c index a27263b879..a9fc54d948 100644 --- a/fftools/ffmpeg_opt.c +++ b/fftools/ffmpeg_opt.c @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename) /* If not enough info to get the stream parameters, we decode the first frames to get it. (used in mpeg case for example) */ ret = avformat_find_stream_info(ic, opts); - - for (i = 0; i < orig_nb_streams; i++) - av_dict_free(&opts[i]); - av_freep(&opts); + if (opts){ + for (i = 0; i < orig_nb_streams; i++) + av_dict_free(&opts[i]); + av_freep(&opts); + } if (ret < 0) { av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename);
Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL. This situation is compatible in avformat_find_stream_info(). Before av_dict_free(), the necessary checks were ignored. // in fftools/ffmpeg_opt.c:1266 1067 static int open_input_file(OptionsContext *o, const char *filename) 1068 { ... 1191 AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts); ... 1196 ret = avformat_find_stream_info(ic, opts); 1197 1198 for (i = 0; i < orig_nb_streams; i++) 1199 av_dict_free(&opts[i]); ... 1342 } ``` ```c // in libavutil/dict.c:203 203 void av_dict_free(AVDictionary **pm) 204 { 205 AVDictionary *m = *pm; ... 215 } coredump backtrace info: ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0) ==6235==The signal is caused by a READ memory access. ==6235==Hint: address points to the zero page. #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23 #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13 #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15 #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11 #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11 #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) Reported-by: TOTE Robot <oslab@tsinghua.edu.cn> Signed-off-by: Yu Yang <young_chelsea@163.com> --- fftools/ffmpeg_opt.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)