[FFmpeg-devel,2/5] avcodec/cbs_h2645: fix crash due to assert failure on empty nalu

Submitted by Aman Gupta on Oct. 12, 2018, 4:02 a.m.

Details

Message ID 20181012040204.21579-2-ffmpeg@tmm1.net
State New
Headers show

Commit Message

Aman Gupta Oct. 12, 2018, 4:02 a.m.
From: Aman Gupta <aman@tmm1.net>

Signed-off-by: Aman Gupta <aman@tmm1.net>
---
 libavcodec/cbs_h2645.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

mypopy@gmail.com Oct. 12, 2018, 5:02 a.m.
On Fri, Oct 12, 2018 at 12:02 PM Aman Gupta <ffmpeg@tmm1.net> wrote:
>
> From: Aman Gupta <aman@tmm1.net>
>
> Signed-off-by: Aman Gupta <aman@tmm1.net>
> ---
>  libavcodec/cbs_h2645.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
> index ab33cdb69b..13e4c1561c 100644
> --- a/libavcodec/cbs_h2645.c
> +++ b/libavcodec/cbs_h2645.c
> @@ -521,7 +521,8 @@ static int cbs_h2645_fragment_add_nals(CodedBitstreamContext *ctx,
>          // Remove trailing zeroes.
>          while (size > 0 && nal->data[size - 1] == 0)
>              --size;
> -        av_assert0(size > 0);
> +        if (size == 0)
> +            continue;
>
 I think about this fix have a discussion.
https://patchwork.ffmpeg.org/patch/8919/
>          data = av_malloc(size + AV_INPUT_BUFFER_PADDING_SIZE);
>          if (!data)
Aman Gupta Oct. 12, 2018, 5:26 a.m.
On Thu, Oct 11, 2018 at 10:03 PM mypopy@gmail.com <mypopy@gmail.com> wrote:

> On Fri, Oct 12, 2018 at 12:02 PM Aman Gupta <ffmpeg@tmm1.net> wrote:
> >
> > From: Aman Gupta <aman@tmm1.net>
> >
> > Signed-off-by: Aman Gupta <aman@tmm1.net>
> > ---
> >  libavcodec/cbs_h2645.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
> > index ab33cdb69b..13e4c1561c 100644
> > --- a/libavcodec/cbs_h2645.c
> > +++ b/libavcodec/cbs_h2645.c
> > @@ -521,7 +521,8 @@ static int
> cbs_h2645_fragment_add_nals(CodedBitstreamContext *ctx,
> >          // Remove trailing zeroes.
> >          while (size > 0 && nal->data[size - 1] == 0)
> >              --size;
> > -        av_assert0(size > 0);
> > +        if (size == 0)
> > +            continue;
> >
>  I think about this fix have a discussion.
> https://patchwork.ffmpeg.org/patch/8919/


Thanks for the link. It looks like this issue was resolved
in 9a09f4c54ab829811c2dd041cfb7196000590b78

I will backport commit that to the release/4.0 branch.

<https://patchwork.ffmpeg.org/patch/8919/>
> >          data = av_malloc(size + AV_INPUT_BUFFER_PADDING_SIZE);
> >          if (!data)
>

Patch hide | download patch | download mbox

diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
index ab33cdb69b..13e4c1561c 100644
--- a/libavcodec/cbs_h2645.c
+++ b/libavcodec/cbs_h2645.c
@@ -521,7 +521,8 @@  static int cbs_h2645_fragment_add_nals(CodedBitstreamContext *ctx,
         // Remove trailing zeroes.
         while (size > 0 && nal->data[size - 1] == 0)
             --size;
-        av_assert0(size > 0);
+        if (size == 0)
+            continue;
 
         data = av_malloc(size + AV_INPUT_BUFFER_PADDING_SIZE);
         if (!data)