#9722: SEGFAULT in h264_v4l2m2m decoder (v4l2_context.c)
-------------------------------------+-------------------------------------
Reporter: Vraz                       | Type: defect
Status: new                          | Priority: normal
Component: avcodec                   | Version: git-master
Keywords: SEGFAULT v4l2m2m           | Blocked By:
Blocking:                            | Reproduced by developer: 1
Analyzed by developer: 1             |
-------------------------------------+-------------------------------------
If a media player initially calls avcodec_receive_frame() prior to
avcodec_send_packet(), the v4l2_m2m decoder will SEGFAULT @
v4l2_context.c:344 due to a missing NULL check in some diagnostic warning
code.
How to reproduce:
Easiest repro requires modifying ffplay to call avcodec_receive_frame()
prior to avcodec_send_packet().
{{{
Add to ffplay.c/decoder_decode_frame:
static int decoder_decode_frame(Decoder *d, AVFrame *frame, AVSubtitle *sub) {
    int ret = AVERROR(EAGAIN);
+   if ((d->pkt_serial != d->queue->serial) && (d->avctx->codec_type == AVMEDIA_TYPE_VIDEO))
+       avcodec_receive_frame(d->avctx, frame);
    for (;;) {
build and then:
% ffplay -vcodec h264_v4l2m2m <h264-filename>
}}}
The bug was introduced by:
https://github.com/FFmpeg/FFmpeg/commit/0b9b7f0b46a80b848b19ebbb624cc7dc06bd33b7
Due to how the v4l2_m2m decoder works, its buffers are not guaranteed to
be allocated when dequeue is called. Trivial fix is changing the "if
(timeout == 0)" to "if ((timeout == 0) && (ctx->buffers != NULL))" in the
patch referenced above.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/9722>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
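An added illustration of the NULL dereference the ticket describes, written as a constructed model rather than FFmpeg's own v4l2_context.c code: the buffer count is assumed to be configured before the buffer array is allocated, the unchecked diagnostic walks the array regardless, and the guarded form returns without touching it when the array does not exist yet.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the decoder state, not FFmpeg's real V4L2Context.
 * Assumption: the buffer count is configured at open time, before the
 * buffer array is allocated, so num_buffers can be > 0 while buffers is
 * still NULL (the receive_frame-before-send_packet case in the ticket). */
enum { BUF_AVAILABLE = 0, BUF_IN_DRIVER = 1 };
typedef struct { int status; } Buffer;
typedef struct {
    Buffer *buffers;   /* NULL until the queue is initialised */
    int num_buffers;   /* set from configuration before allocation */
} Context;

/* Unchecked form of the diagnostic: with buffers == NULL and
 * num_buffers > 0 the first iteration dereferences NULL.
 * Kept only for comparison; never called on an uninitialised ctx. */
static int all_in_driver_unchecked(const Context *ctx)
{
    for (int i = 0; i < ctx->num_buffers; i++)
        if (ctx->buffers[i].status != BUF_IN_DRIVER)
            return 0;
    return 1;
}

/* Hardened form: inspect the array only once it exists. */
static int all_in_driver_checked(const Context *ctx)
{
    if (ctx->buffers == NULL)
        return 0;
    return all_in_driver_unchecked(ctx);
}

/* Returns 1 if the starvation warning fires on a zero-timeout dequeue,
 * 0 otherwise. This mirrors the "(timeout == 0) && (ctx->buffers != NULL)"
 * guard proposed in the ticket. */
int dequeue_warns(const Context *ctx, int timeout)
{
    if (timeout != 0 || !all_in_driver_checked(ctx))
        return 0;
    fprintf(stderr, "All buffers held by the driver; increase buffer count\n");
    return 1;
}
```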