New submission from qrtt1 <[email protected]>:
I am trying to decode mms streaming. In some case, the user gives a
media url which is mmsh but the leading is mmst://. It causes
av_open_input_file function to use the mmst protocol. I know we should
open the media with the mmsh:// prefix. We got "Segmentation fault".
However,I expect it returns the error code by av_open_input_file.
(I have tested in r25320 )
My testing link are
mmst://210.59.147.3/wmtencoder/100k.wmv
mmsh://210.59.147.3/wmtencoder/100k.wmv
The root cause is the MMSContext is null.
here is the bt messages:
Program received signal SIGSEGV, Segmentation fault.
mms_read (h=0x804c020, buf=0x804c090 "\200\344\004\b",
size=32768)
at libavformat/mmst.c:588
588 if(mms->asf_header_read_size < mms->asf_header_size) {
(gdb) bt
#0 mms_read (h=0x804c020, buf=0x804c090 "\200\344\004\b",
size=32768)
at libavformat/mmst.c:588
#1 0xb7ee928a in fill_buffer (s=0x80540c0) at libavformat/aviobuf.c:350
#2 0xb7eea643 in get_buffer (s=0x80540c0, buf=0x8054128 "",
size=2048)
at libavformat/aviobuf.c:437
#3 0xb7f71a90 in ff_probe_input_buffer (ic_ptr=0xbffd0210,
filename=0x804a30c
"mmst://210.59.147.3/wmtencoder/100k.wmv",
fmt=<value optimized out>, buf_size=0, ap=0x0) at
libavformat/utils.c:522
#4 av_open_input_file (ic_ptr=0xbffd0210,
filename=0x804a30c
"mmst://210.59.147.3/wmtencoder/100k.wmv",
fmt=<value optimized out>, buf_size=0, ap=0x0) at
libavformat/utils.c:589
#5 0x08048f76 in openMediaSource (ctx=0xbffd0210,
source=0x804a30c "mmst://210.59.147.3/wmtencoder/100k.wmv",
logger=0x0)
at ffmpeg_context.c:73
#6 0x08048c54 in main () at main.c:14
----------
files: mmst.patch
messages: 12110
priority: normal
status: new
substatus: new
title: add null checking to mmst
topic: avformat
type: patch
________________________________________________
FFmpeg issue tracker <[email protected]>
<https://roundup.ffmpeg.org/issue2266>
________________________________________________Index: libavformat/mmst.c
===================================================================
--- libavformat/mmst.c (revision 25320)
+++ libavformat/mmst.c (working copy)
@@ -462,14 +462,17 @@
{
MMSTContext *mmst = (MMSTContext *)h->priv_data;
MMSContext *mms = &mmst->mms;
- if(mms->mms_hd) {
- send_close_packet(mmst);
- url_close(mms->mms_hd);
+ if(mms != NULL)
+ {
+ if(mms->mms_hd) {
+ send_close_packet(mmst);
+ url_close(mms->mms_hd);
+ }
+
+ /* free all separately allocated pointers in mms */
+ av_free(mms->streams);
+ av_free(mms->asf_header);
}
-
- /* free all separately allocated pointers in mms */
- av_free(mms->streams);
- av_free(mms->asf_header);
av_freep(&h->priv_data);
return 0;
@@ -513,6 +516,11 @@
return AVERROR(ENOMEM);
mms = &mmst->mms;
+ if(mms == NULL) {
+ err = AVERROR(EIO);
+ goto fail;
+ }
+
// only for MMS over TCP, so set proto = NULL
av_url_split(NULL, 0, NULL, 0,
mmst->host, sizeof(mmst->host), &port, mmst->path,
@@ -584,6 +592,10 @@
MMSContext *mms = &mmst->mms;
int result = 0;
+ if(mms == NULL) {
+ return AVERROR_IO;
+ }
+
do {
if(mms->asf_header_read_size < mms->asf_header_size) {
/* Read from ASF header buffer */
