From patchwork Mon Sep 7 02:49:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 22136 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 2F78A44BB3D for ; Mon, 7 Sep 2020 05:51:16 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 09FFA688392; Mon, 7 Sep 2020 05:51:16 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ej1-f66.google.com (mail-ej1-f66.google.com [209.85.218.66]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id AFF9E688392 for ; Mon, 7 Sep 2020 05:51:09 +0300 (EEST) Received: by mail-ej1-f66.google.com with SMTP id q13so16151383ejo.9 for ; Sun, 06 Sep 2020 19:51:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=w/RdSFKRwSH26QJP1HfTyZE3RzHceZxrB+bIQWeaAjY=; b=Gqs7RueIQ/B+mmkJMm4NR/4HS0CCRFkxY0GASbUv3gVO5dvxJHFbjHRRH2yKKGmtOO sxdftPIyKHDoI8ac9sHa/VZRciM09gO/PF2mS9OVMU21D1Wj7lumFbnWhb0KEBYD73bl QWhcMhpj65NH3rynF9qA9LSN2ZRCqfjtGUKHY1Ks9Od3Cn+mkF/xNVk92KwdpQ9OIZmw AGRWtTNuJpsVK1tjZx9NWcrAKQeg4QMgOwn52xYSe6lOkEDSbmS8TBQ29VmswIdptX4h hzy9Mz9JxCgl8eViNTGGCaa7TtxKGQZeanM3F6ltbDAv/+3EMiy9SSnxiA0dw+piqQbe 8DqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=w/RdSFKRwSH26QJP1HfTyZE3RzHceZxrB+bIQWeaAjY=; b=Dn/olwbHdSgzlU19qwqUSg8gRGr5QQ4qkfFdYWcHQBYTXqen1yFrTuHTqlu+3tcdYq +0Kc04G5QNDF/VP4cK8fkK4G+QsI56mavC3vrfNXGiN8RYVFWto/fC9boWnuSxVbxhl3 wX/t1oH09MPtYo3VNb+YJIN5moHbaDEG0wH8HfjnDdJfgV7XG53LjVExJL2VKniJmmod cUPvldn80WWjy8V2cbkjjUth+dqda2I64pBXoz7BMrYGJkHH1YlNU1n4aRA8yqAXp6I0 poCxRNg1VSa+PAD9jj8mWuFIBarot1N7PcRvszeioONiNOLn+12TPV4bHZalDZgxZ+0w zz9A== X-Gm-Message-State: AOAM530Fxp63fvnMvsm1T2iytP0ERKyLet4S40LhfgZeF7gWaHmvICYw fX15dDdEg72kIUo4cEAJknvsr9JMVpk= X-Google-Smtp-Source: ABdhPJwVl5xfffaMPK1ORk/f8T2X5hRr8yb2O4Qsh5SxOaOn4VtLdrlCbzNEsetITiGM2wucW/EmTw== X-Received: by 2002:a17:906:5284:: with SMTP id c4mr18726423ejm.521.1599447068874; Sun, 06 Sep 2020 19:51:08 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc1fb0f.dynamic.kabel-deutschland.de. [188.193.251.15]) by smtp.gmail.com with ESMTPSA id a15sm13802048eje.16.2020.09.06.19.51.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 06 Sep 2020 19:51:08 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Mon, 7 Sep 2020 04:49:46 +0200 Message-Id: <20200907024952.11697-4-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200907024952.11697-1-andreas.rheinhardt@gmail.com> References: <20200907024952.11697-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 04/10] avformat/segment: Fix segfault when error happens and segment list is output X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" The segment muxer has an option to output a file containing a list of the segments written. The AVIOContext used for writing this file is opened via the main AVFormatContext's io_open callback; seg_free() meanwhile unconditionally closes this AVIOContext by calling ff_format_io_close() with the child muxer (the one for the actual output format) as AVFormatContext. The problem hereby is that the child AVFormatContext need not exist, even when the AVIOContext does. This leads to a segfault in ff_format_io_close() when the child muxer's io_close callback is called. Situations in which the AVFormatContext can be NULL range from an invalid reference stream parameter to an unavailable/bogus/unsupported output format to inability to allocate the AVFormatContext. The solution is to simply close the AVIOContext with the AVFormatContext that was used to open it: The main AVFormatContext. Signed-off-by: Andreas Rheinhardt --- libavformat/segment.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/segment.c b/libavformat/segment.c index 9fafec0e35..e30e47b62e 100644 --- a/libavformat/segment.c +++ b/libavformat/segment.c @@ -660,7 +660,7 @@ static int select_reference_stream(AVFormatContext *s) static void seg_free(AVFormatContext *s) { SegmentContext *seg = s->priv_data; - ff_format_io_close(seg->avf, &seg->list_pb); + ff_format_io_close(s, &seg->list_pb); avformat_free_context(seg->avf); seg->avf = NULL; av_freep(&seg->times);