#9062: Segmentation Fault in dash demuxer
----------------------------------+--------------------------------------
Reporter: c-14 | Type: defect
Status: new | Priority: normal
Component: avformat | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
----------------------------------+--------------------------------------
Summary of the bug:
The dash demuxer segfaults when the dash manifest contains a subtitle
track without an initialization element in the segmenttemplate.
{{{
<AdaptationSet contentType="text" mimeType="application/mp4"
segmentAlignment="true" group="1" lang="eng">
<SegmentTemplate duration="8" media="$RepresentationID$/$Number$.m4s"
startNumber="0" initialization="$RepresentationID$/init.mp4"/>
<Representation id="subtitlesttmleng/subtitles" codecs="stpp"
startWithSAP="1" bandwidth="1"/>
</AdaptationSet>
<AdaptationSet contentType="text" mimeType="text/vtt"
segmentAlignment="true" group="1" lang="eng">
<SegmentTemplate duration="8" media="$RepresentationID$/$Number$.m4s"
startNumber="0"/>
<Representation id="subtitlesvtteng/subtitles" codecs="vtt"
startWithSAP="1" bandwidth="1"/>
</AdaptationSet>
}}}
How to reproduce:
{{{
% ffmpeg -i https://<host>/Manifest.mpd
ffmpeg version N-100605-g0fff6c039c
}}}
gdb backtrace: {{{
#0 is_common_init_section_exist (pls=0x555557b1d820, n_pls=2) at
libavformat/dashdec.c:1995
first_init_section = 0x555557b1d840
url = 0x555557b34100
"https://<host>/subtitlesttmleng/subtitles/init.mp4"
url_offset = 0
size = -1
i = 1
#1 0x0000555555a9713d in dash_read_header (s=0x555557ad6580) at
libavformat/dashdec.c:2082
c = 0x555557b10e00
rep = 0x555557b33840
program = 0x555557ad6c78
ret = 0
stream_index = 7
i = 2
#2 0x0000555555c16bf6 in avformat_open_input (ps=0x7fffffffd128,
filename=0x7fffffffdc22 "https://<host>/Manifest.mpd", fmt=0x0,
options=0x555557ad6468)
at libavformat/utils.c:596
s = 0x555557ad6580
i = 1470983424
ret = 0
tmp = 0x555557b10f40
id3v2_extra_meta = 0x0
#3 0x000055555565bcc4 in open_input_file (o=0x7fffffffd230,
filename=0x7fffffffdc22 "https://<host>/Manifest.mpd") at
fftools/ffmpeg_opt.c:1182
f = 0x5555571a2078 <__sysv_sig...@got.plt>
ic = 0x555557ad6580
file_iformat = 0x0
err = 0
i = 21845
ret = 48
timestamp = 140737340987888
unused_opts = 0x0
e = 0x0
video_codec_name = 0x0
audio_codec_name = 0x0
subtitle_codec_name = 0x0
data_codec_name = 0x0
scan_all_pmts_set = 1
}}}
The segfault occurs in the 2nd iteration of the loop over the
init_sections because the init_section at index 1 of the subtitles array
is NULL. From what I can tell, the init_section element should be
allocated and initialized in parse_manifest_representation, but it only
seems to do so if it can find an initialization element in
fragment_templates_tab which doesn't exist for the second subtitle stream
in the manifest.
Changing the comparison in is_common_init_section_exist to check if an
init_section exists before accessing the children fixes the segfault, but
I'm not sure if that's the correct way to handle this or if the missing
initialization element should be handled differently.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/9062>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
_______________________________________________
FFmpeg-trac mailing list
FFmpeg-trac@avcodec.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-trac
To unsubscribe, visit link above, or email
ffmpeg-trac-requ...@ffmpeg.org with subject "unsubscribe".
