> 2021年12月7日 上午1:48,Andreas Rheinhardt <andreas.rheinha...@outlook.com> 写道: > > Yy: >> >> >>> 2021年12月3日 下午8:06,Yy <young_chel...@163.com> 写道: >>> >>> >>> >>>> 2021年12月3日 下午5:42,Andreas Rheinhardt <andreas.rheinha...@outlook.com >>>> <mailto:andreas.rheinha...@outlook.com>> 写道: >>>> >>>> Yu Yang: >>>>> Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL. >>>>> This situation is compatible in avformat_find_stream_info(). >>>>> Before av_dict_free(), the necessary checks were ignored. >>>>> >>>>> // in fftools/ffmpeg_opt.c:1266 >>>>> 1067 static int open_input_file(OptionsContext *o, const char *filename) >>>>> 1068 { >>>>> ... >>>>> 1191 AVDictionary **opts = setup_find_stream_info_opts(ic, >>>>> o->g->codec_opts); >>>>> ... >>>>> 1196 ret = avformat_find_stream_info(ic, opts); >>>>> 1197 >>>>> 1198 for (i = 0; i < orig_nb_streams; i++) >>>>> 1199 av_dict_free(&opts[i]); >>>>> ... >>>>> 1342 } >>>>> ``` >>>>> ```c >>>>> // in libavutil/dict.c:203 >>>>> 203 void av_dict_free(AVDictionary **pm) >>>>> 204 { >>>>> 205 AVDictionary *m = *pm; >>>>> ... >>>>> 215 } >>>>> >>>>> coredump backtrace info: >>>>> ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 >>>>> (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0) >>>>> ==6235==The signal is caused by a READ memory access. >>>>> ==6235==Hint: address points to the zero page. >>>>> #0 0x6ba9c2f in av_dict_free >>>>> /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23 >>>>> #1 0x4ce5ac in open_input_file >>>>> /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13 >>>>> #2 0x4c9dc0 in open_files >>>>> /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15 >>>>> #3 0x4c9295 in ffmpeg_parse_options >>>>> /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11 >>>>> #4 0x58f241 in main >>>>> /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11 >>>>> #5 0x7fe35197f0b2 in __libc_start_main >>>>> /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 >>>>> #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) >>>>> >>>>> Reported-by: TOTE Robot <os...@tsinghua.edu.cn> >>>>> Signed-off-by: Yu Yang <young_chel...@163.com> >>>>> --- >>>>> fftools/ffmpeg_opt.c | 9 +++++---- >>>>> 1 file changed, 5 insertions(+), 4 deletions(-) >>>>> >>>>> diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c >>>>> index a27263b879..a9fc54d948 100644 >>>>> --- a/fftools/ffmpeg_opt.c >>>>> +++ b/fftools/ffmpeg_opt.c >>>>> @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, >>>>> const char *filename) >>>>> /* If not enough info to get the stream parameters, we decode the >>>>> first frames to get it. (used in mpeg case for example) */ >>>>> ret = avformat_find_stream_info(ic, opts); >>>>> - >>>>> - for (i = 0; i < orig_nb_streams; i++) >>>>> - av_dict_free(&opts[i]); >>>>> - av_freep(&opts); >>>>> + if (opts){ >>>>> + for (i = 0; i < orig_nb_streams; i++) >>>>> + av_dict_free(&opts[i]); >>>>> + av_freep(&opts); >>>>> + } >>>>> >>>>> if (ret < 0) { >>>>> av_log(NULL, AV_LOG_FATAL, "%s: could not find codec >>>>> parameters\n", filename); >>>>> >>>> >>>> You should instead check setup_find_stream_info_opts() (either only call >>>> it if orig_nb_streams is > 0 or modify it to return an error code given >>>> that it can currently return NULL even on nonerror). >>> Thanks for your advice, i will try to fix it again. >>>> - Andreas >> Hi, I try to fix this problem lastday and it not work. Today, I refer to >> your suggestion >> above to modify. But I think may be you misunderstood this bug. Because of >> no alloc memory for stream opts, ‘&opts[I]’ free caused crash. And if >> orig_nb_streams == 0, >> crash won’t happen. So I think it is unnecessary to fix it call >> setup_find_stream_info_opts() >> If orig_nb_streams is > 0. Opts == NULL when orig_nb_streams == 0 or no >> alloc memory. >> I don’t think it is error. Because avformat_find_stream_info() allow opts == >> NULL. >> But we need to check if opts == NULL before releasing. May be this fix is >> right? >> How do you think? >> Thx. >> -Yu Yang > > We don't need to check for opts == NULL before releasing if we actually > checked that this array has been properly allocated in case it needs to > be allocated; in case it could not be allocated, we should not call > avformat_find_stream_info() at all. I got it now. You mean it is redundant to check opts twice. It should return error when it could not be allocated at first time. I will resubmit a new patch today. Thanks for your answer. : ) > > - Andreas > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
