From patchwork Fri Dec 3 09:33:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yy X-Patchwork-Id: 31906 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a6b:cd86:0:0:0:0:0 with SMTP id d128csp433385iog; Fri, 3 Dec 2021 01:38:58 -0800 (PST) X-Google-Smtp-Source: ABdhPJxXonXYdNazDlxa9OosHK/df38V21sjmrFirEBz61Kx14zQjiw/9AY01ZqIVVKaFltSetjX X-Received: by 2002:a17:907:7b99:: with SMTP id ne25mr22088775ejc.15.1638524338558; Fri, 03 Dec 2021 01:38:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1638524338; cv=none; d=google.com; s=arc-20160816; b=GSO39T2M5u2YpIHYHyS2X0T1nDtpmjcuKZ7Q9A/+oqWPteJ0KT9tRCeIdYi4c1HPIr sET2IIS4z4BvDnLBB4XikSSEr3tida0yeY14HGC6tRjAEon8HjtBKxw1whb+eqV8VsZa 0yM8a/z908+NoV7yd/mSI17vYO/Glu9x5RxR2+CwwX8bkwy5sfOCc1A6YU7X2mrlekQL f2Az855pEvkuk8Nvneb0yPF5CFdZtnycEa7M2YSG0wZDUOzJM8d3fNzN/10AktL7pO9y PmyfjsumroHSZDdTaNJchjyVgvR2+ykH+6d1DsJR7n76hA+/GlhwW8Rn/dl+vp/lBYut 7JKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:mime-version:message-id:date:to:from :dkim-signature:delivered-to; bh=lGoCrO9Aw5jW5GbM9bDeiK15X5FtXjXm2Al14qgOJio=; b=Aw4l7yCrUQRXMIkFeD1VgzDDd1IzpKlktJFS1VEgecxBUj/61JfiQrNsiZ6M+BsE3d xDcBNBfVdUvVIpEbqTkM6AzJZyPmS8Qom58COgLEedW8NXUr6rNVsv87NklZ8yBd+M9U W0tNMtqIc6orD26xbU7of69H3iRHv5Dszz8MdYN/toNKrpSQn+x/M76qV83W4DgxxPI7 x2kyaAYIy0NC/TMH5YGeHijZYeGpu27JkjYSgf0XIzfZ/A/UPEkplSwQsYkKpKqekm3I HbXNRoSYpliQU1g1xhlQWZScOyhVEBrAHchsCm33yETBoPAoE/YNUfbaSkCOtwBc6nut QNOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@163.com header.s=s110527 header.b=PmgJiwfg; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=163.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id h13si3362860edv.605.2021.12.03.01.38.35; Fri, 03 Dec 2021 01:38:58 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@163.com header.s=s110527 header.b=PmgJiwfg; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=163.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1274C6806D9; Fri, 3 Dec 2021 11:38:29 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-m974.mail.163.com (mail-m974.mail.163.com [123.126.97.4]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9182D6806D9 for ; Fri, 3 Dec 2021 11:38:21 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=dKHbd WBc5oDkcEHT/wksEem9l5CSVmuUNb/HiRy13aw=; b=PmgJiwfgCzI4/DYN3Rm2T BS7JU+rTWY52n4pgpGyDp0X5k0cPvKh9EaQ4649qNPMS4xoL3F8NiLIJG3uGlc9/ 5hzOb1HCel02PPhlf0hGj+rXAUu+oDVmVs5550pXRgiy26xM6F695axfRyf+vHbR JqHx/IC9H0FeVqdXSfZKm8= Received: from localhost.localdomain (unknown [103.107.216.236]) by smtp4 (Coremail) with SMTP id HNxpCgDHhb2J5alhnRZeAA--.19975S2; Fri, 03 Dec 2021 17:38:17 +0800 (CST) From: Yu Yang To: ffmpeg-devel@ffmpeg.org Date: Fri, 3 Dec 2021 17:33:57 +0800 Message-Id: <20211203093357.65777-1-young_chelsea@163.com> X-Mailer: git-send-email 2.33.1 MIME-Version: 1.0 X-CM-TRANSID: HNxpCgDHhb2J5alhnRZeAA--.19975S2 X-Coremail-Antispam: 1Uf129KBjvJXoWxWr15JF15CFWDGF15Ww17ZFb_yoW5GF1Dp3 45ArnFgFs7XF95ur9xGa15G3yYkrZ3J3WYkrsaya4UGas5Xr97GFyakw15Zr9Fkr1kAw1j vF45GrykJF1IyaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x0zKZX7hUUUUU= X-Originating-IP: [103.107.216.236] X-CM-SenderInfo: x1rx0wpbfkvzxvhdqiywtou0bp/1tbiEx1eSmE13Jnk3QAAsy Subject: [FFmpeg-devel] fftools/ffmpeg_optc AVDictionary **opts, If memory allocation fails, X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: TOTE Robot , Yu Yang Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: t51P9lkrByE4 Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL. This situation is compatible in avformat_find_stream_info(). Before av_dict_free(), the necessary checks were ignored. // in fftools/ffmpeg_opt.c:1266 1067 static int open_input_file(OptionsContext *o, const char *filename) 1068 { ... 1191 AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts); ... 1196 ret = avformat_find_stream_info(ic, opts); 1197 1198 for (i = 0; i < orig_nb_streams; i++) 1199 av_dict_free(&opts[i]); ... 1342 } ``` ```c // in libavutil/dict.c:203 203 void av_dict_free(AVDictionary **pm) 204 { 205 AVDictionary *m = *pm; ... 215 } coredump backtrace info: ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0) ==6235==The signal is caused by a READ memory access. ==6235==Hint: address points to the zero page. #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23 #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13 #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15 #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11 #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11 #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) Reported-by: TOTE Robot Signed-off-by: Yu Yang --- fftools/ffmpeg_opt.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c index a27263b879..a9fc54d948 100644 --- a/fftools/ffmpeg_opt.c +++ b/fftools/ffmpeg_opt.c @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename) /* If not enough info to get the stream parameters, we decode the first frames to get it. (used in mpeg case for example) */ ret = avformat_find_stream_info(ic, opts); - - for (i = 0; i < orig_nb_streams; i++) - av_dict_free(&opts[i]); - av_freep(&opts); + if (opts){ + for (i = 0; i < orig_nb_streams; i++) + av_dict_free(&opts[i]); + av_freep(&opts); + } if (ret < 0) { av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename);