From patchwork Sat Dec  4 08:18:00 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yy <young_chelsea@163.com>
X-Patchwork-Id: 31957
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a6b:cd86:0:0:0:0:0 with SMTP id d128csp1755619iog;
        Sat, 4 Dec 2021 00:18:39 -0800 (PST)
X-Google-Smtp-Source: 
 ABdhPJyF+bMLtYh8n1YRm+64jTqVUc4SU45JIoqtE+JZSOUBq7t0RT3Hn1aJLE6YjSGxRT8ybC07
X-Received: by 2002:a17:906:fcbb:: with SMTP id
 qw27mr29261652ejb.320.1638605918983;
        Sat, 04 Dec 2021 00:18:38 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1638605918; cv=none;
        d=google.com; s=arc-20160816;
        b=FTgnuibpweLnpaPhxmpbGlrVeBR3WJeOlG+4N3VY+JXigzB7ehOQlI5QOiAW2CFd4p
         iogc+xu2CN4Bj/BzWgwRKdwME2S8oQfUlHDSmhcEBL3lw/6HrnW2mrq3GLUvLYd4guq1
         CyTUlnCPvQlravhPrZrqGY3MHkg9bmh0bdfzGbSffEdnNCoSfnAlA0CHi5UYz6LjIqh5
         ljB0EIio1vMT0i2EDaaKDXOPDAdinEtdpAee4KgMRIkqCGSoUjjAKIvS5+mIKWxzbxcK
         teLhvyPiDaBb7PTjkBawhPG49Y6lFZo/Go3aOENdnirDLw/DYKZBe3w7xahkvfhU1WjK
         Fq7g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:cc:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:mime-version:references:in-reply-to
         :message-id:date:to:from:dkim-signature:delivered-to;
        bh=TRpctu2QWydAPCnZWbP1W90/UO6dOk1RN8wpucCjsjE=;
        b=JAZd7smr3t3tSHO78O3yJzSx8xD5BjmvfcEAsTBu+kfWWtim05fRHs3aPuITuTGWmQ
         oVQnMIzIm2o1DQ96EcUreclJWBk7QP7A1vFkM2U8R1ckseLoavEUSBJgMHQfllakjNVp
         FiF3UuIBuGAQdh5FipUZ7Zf/L4+eu9qfetJ1KvZ+/Gl36BnqM064ISr6rrAOCXROmBdD
         W7aaaZEWzM+fsQQVP+HGm0dZdZfO6sW0OF1M3nq3dVE0xBtCSXgO9koJhCC/GO9HsenP
         DfqjxICs5oIcebI/2Dc/TwrC1qj+tc58HC4GhPl4Xo4a095/Nr8aazwcjrC4GO67jJse
         Grhw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@163.com
 header.s=s110527 header.b=fRlfuVjP;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=163.com
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 kg26si6439180ejc.463.2021.12.04.00.18.38;
        Sat, 04 Dec 2021 00:18:38 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@163.com
 header.s=s110527 header.b=fRlfuVjP;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=163.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4886A68ADF7;
	Sat,  4 Dec 2021 10:18:34 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-m972.mail.163.com (mail-m972.mail.163.com [123.126.97.2])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id D4C6B6802C1
 for <ffmpeg-devel@ffmpeg.org>; Sat,  4 Dec 2021 10:18:26 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
 s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=yGRqj
 hQ8c5fGmgFuAA90oCdaKC2ZhUlcWarsHk5IB8I=; b=fRlfuVjPnxmXvjgBVVt6d
 Rmenhb4pCDZ4W8206YO5ANHAqNnyVlxj+3HGZmk7V1ocRDsdzxHWW5Xf5+fIUq/h
 hFasa9m3hmoCM/xC7LNDdSS9RIx8NK4OHNm+NLMU49TEkp4VSNK1lOemVMy1PVQa
 r7mZrjJPmPXpCPjL8DM3EE=
Received: from localhost.localdomain (unknown [103.107.216.236])
 by smtp2 (Coremail) with SMTP id GtxpCgAnmxlOJKthVjyFLg--.46063S2;
 Sat, 04 Dec 2021 16:18:23 +0800 (CST)
From: Yu Yang <young_chelsea@163.com>
To: ffmpeg-devel@ffmpeg.org
Date: Sat,  4 Dec 2021 16:18:00 +0800
Message-Id: <20211204081800.95539-1-young_chelsea@163.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211203093357.65777-1-young_chelsea@163.com>
References: <20211203093357.65777-1-young_chelsea@163.com>
MIME-Version: 1.0
X-CM-TRANSID: GtxpCgAnmxlOJKthVjyFLg--.46063S2
X-Coremail-Antispam: 1Uf129KBjvJXoWxZF43AF43tw47tFW8Kr1xXwb_yoWrAw15pr
 n5CrnxJr1kAF93urnrGa1rCa1rG395W3WUK3say3yUC3WFgryFqF13KFyFvF9Fkry7Xr12
 vr45uryUXwsFvaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x0zKZX7hUUUUU=
X-Originating-IP: [103.107.216.236]
X-CM-SenderInfo: x1rx0wpbfkvzxvhdqiywtou0bp/1tbiNBFfSlaD+sJqsQAAsG
Subject: [FFmpeg-devel] [PATCH v2] fftools/cmdutils: Avoid crash when opts
 is empty
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: TOTE Robot <oslab@tsinghua.edu.cn>, Yu Yang <young_chelsea@163.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: ypvRUKiVoZWn

Opts is assigned by setup_find_stream_info_opts(). Could not get opts when nb_streams == 0.
It should not return NULL but print AV_LOG_ERROR. when no alloc memory for stream options,
it also need return an error to avoid crash when free. In total, setup_find_stream_info_opts()
should not return NULL. It print AV_LOG_ERROR or correct value.

coredump backtrace info:
==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0)
==6235==The signal is caused by a READ memory access.
==6235==Hint: address points to the zero page.
    #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23
    #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13
    #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15
    #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11
    #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11
    #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d)

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Yu Yang <young_chelsea@163.com>
---
 fftools/cmdutils.c  |  6 ++++--
 libavformat/demux.c | 12 +++++-------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/fftools/cmdutils.c b/fftools/cmdutils.c
index 45322f8c71..f4333d8b65 100644
--- a/fftools/cmdutils.c
+++ b/fftools/cmdutils.c
@@ -2182,12 +2182,14 @@ AVDictionary **setup_find_stream_info_opts(AVFormatContext *s,
     AVDictionary **opts;
 
     if (!s->nb_streams)
-        return NULL;
+        av_log(NULL, AV_LOG_ERROR,
+               "No stream exists, Could not get stream options.\n");
+        exit_program(1);
     opts = av_calloc(s->nb_streams, sizeof(*opts));
     if (!opts) {
         av_log(NULL, AV_LOG_ERROR,
                "Could not alloc memory for stream options.\n");
-        return NULL;
+        exit_program(1);
     }
     for (i = 0; i < s->nb_streams; i++)
         opts[i] = filter_codec_opts(codec_opts, s->streams[i]->codecpar->codec_id,
diff --git a/libavformat/demux.c b/libavformat/demux.c
index 745dc8687c..0738ef2e73 100644
--- a/libavformat/demux.c
+++ b/libavformat/demux.c
@@ -2434,7 +2434,7 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options)
 
     for (unsigned i = 0; i < ic->nb_streams; i++) {
         const AVCodec *codec;
-        AVDictionary *thread_opt = NULL;
+
         AVStream *const st  = ic->streams[i];
         FFStream *const sti = ffstream(st);
         AVCodecContext *const avctx = sti->avctx;
@@ -2474,26 +2474,24 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options)
 
         /* Force thread count to 1 since the H.264 decoder will not extract
          * SPS and PPS to extradata during multi-threaded decoding. */
-        av_dict_set(options ? &options[i] : &thread_opt, "threads", "1", 0);
+        av_dict_set(&options[i], "threads", "1", 0);
         /* Force lowres to 0. The decoder might reduce the video size by the
          * lowres factor, and we don't want that propagated to the stream's
          * codecpar */
-        av_dict_set(options ? &options[i] : &thread_opt, "lowres", "0", 0);
+        av_dict_set(&options[i], "lowres", "0", 0);
 
         if (ic->codec_whitelist)
-            av_dict_set(options ? &options[i] : &thread_opt, "codec_whitelist", ic->codec_whitelist, 0);
+            av_dict_set(&options[i], "codec_whitelist", ic->codec_whitelist, 0);
 
         // Try to just open decoders, in case this is enough to get parameters.
         // Also ensure that subtitle_header is properly set.
         if (!has_codec_parameters(st, NULL) && sti->request_probe <= 0 ||
             st->codecpar->codec_type == AVMEDIA_TYPE_SUBTITLE) {
             if (codec && !avctx->codec)
-                if (avcodec_open2(avctx, codec, options ? &options[i] : &thread_opt) < 0)
+                if (avcodec_open2(avctx, codec, &options[i]) < 0)
                     av_log(ic, AV_LOG_WARNING,
                            "Failed to open codec in %s\n",__FUNCTION__);
         }
-        if (!options)
-            av_dict_free(&thread_opt);
     }
 
     read_size = 0;