From patchwork Tue May 5 14:16:56 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 19507
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Cc: Andreas Rheinhardt
Date: Tue, 5 May 2020 16:16:56 +0200
Message-Id: <20200505141657.10787-1-andreas.rheinhardt@gmail.com>
In-Reply-To: <20200504182250.26141-1-andreas.rheinhardt@gmail.com>
References: <20200504182250.26141-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 11/12] avformat/nutenc: Don't segfault when chapters are added during muxing

When writing the header, the NUT muxer allocates an array with as many
entries as there are chapters containing information about the used
timebase. This information is used when writing the headers and also
when resending the headers (as the NUT muxer does from time to time).

When the NUT muxer writes or resends the headers, it simply presumes
that there are enough entries in its array for each chapter in the
AVFormatContext. Yet users are allowed to add chapters during the
muxing process, so this presumption is wrong and may lead to segfaults.
So explicitly store the number of entries of the chapter array and refer
to this number whenever headers are written.

Signed-off-by: Andreas Rheinhardt
---
This patch presumes that the user may not change or remove the chapters
available during writing the header (if there were chapters available
when writing the header at all). I hope this is ok.

 libavformat/nut.h    | 1 +
 libavformat/nutenc.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/nut.h b/libavformat/nut.h index a4409ee23d..52225fed93 100644 --- a/libavformat/nut.h +++ b/libavformat/nut.h 
@@ -115,6 +115,7 @@ typedef struct NUTContext { int flags; int version; // version currently in use int minor_version; + unsigned nb_chapters; } NUTContext; extern const AVCodecTag ff_nut_subtitle_tags[]; diff --git a/libavformat/nutenc.c b/libavformat/nutenc.c index 5071278835..2d35c44b79 100644 --- a/libavformat/nutenc.c +++ b/libavformat/nutenc.c @@ -675,7 +675,7 @@ static int write_headers(AVFormatContext *avctx, AVIOContext *bc) goto fail; } - for (i = 0; i < nut->avf->nb_chapters; i++) { + for (i = 0; i < nut->nb_chapters; i++) { write_chapter(nut, dyn_bc, i, prelude, &prelude_size); ret = put_packet(nut, bc, dyn_bc, prelude, prelude_size, INFO_STARTCODE); if (ret < 0) @@ -719,6 +719,7 @@ static int nut_write_header(AVFormatContext *s) nut->chapter = av_calloc(s->nb_chapters, sizeof(*nut->chapter)); if (!nut->chapter) return AVERROR(ENOMEM); + nut->nb_chapters = s->nb_chapters; } for (i = 0; i < s->nb_streams; i++) {
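
Review bot: the new `unsigned nb_chapters;` member at the end of NUTContext (nut.h hunk) has no comment, unlike the neighbouring `int version; // version currently in use`, and it carries the same name as the AVFormatContext field it is meant to diverge from. Please document it, for example as the number of entries allocated in `nut->chapter` when the header was written, so a later cleanup does not swap it back for `avf->nb_chapters`.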
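
Review bot: in the write_headers() hunk the loop is now bounded by `nut->nb_chapters`, but `write_chapter(nut, dyn_bc, i, prelude, &prelude_size)` still receives only the index, so if it looks up chapter i in the AVFormatContext (its body is not part of this diff) the loop is only safe while the caller's chapter list has at least that many entries. The remark after the `---` presumes chapters are never changed or removed, yet nothing here enforces that; consider bounding the loop by the smaller of `nut->nb_chapters` and `nut->avf->nb_chapters`, or state the restriction in a comment at the loop. It would also help to say in the commit message that chapters added after the header was written are left out of resent headers.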
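
Review bot: in the nut_write_header() hunk, `nut->nb_chapters = s->nb_chapters;` is placed inside the block that the following `}` context line closes, so whenever that block is skipped the field relies on NUTContext having been zero-initialised. The enclosing condition is not visible in the diff; either assign the count unconditionally next to the allocation logic or note the zero-initialisation dependency in the field's comment. Placing the assignment after the `if (!nut->chapter)` check is good, since the count is then never set for a failed allocation.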