[Ffmpeg-devel] [patch] libavformat/utils.c:av_find_stream_info() segfault
Jim Westfall
jwestfall
Tue Jan 10 19:38:49 CET 2006
Hi
av_find_stream_info will segfault if there is a stream change within the
mpeg2ts packets it's using to find the stream info. When a stream change
happens, the following trace happens:
==15109== at 0x401B009: free (vg_replace_malloc.c:235)
==15109== by 0x4927C87: av_free (mem.c:128)
==15109== by 0x48BDF1E: flush_packet_queue (utils.c:1161)
==15109== by 0x48BDFA4: av_read_frame_flush (utils.c:1195)
==15109== by 0x48AAC3D: pmt_cb (mpegts.c:642)
==15109== by 0x48AA1A4: write_section_data (mpegts.c:263)
==15109== by 0x48AC488: handle_packet (mpegts.c:1523)
==15109== by 0x48AC71C: handle_packets (mpegts.c:1604)
==15109== by 0x48AD31F: mpegts_read_packet (mpegts.c:1892)
==15109== by 0x48BCCAD: av_read_packet (utils.c:702)
==15109== by 0x48BDA41: av_read_frame_internal (utils.c:1021)
==15109== by 0x48C04AC: av_find_stream_info (utils.c:2066)
flush_packet_queue() frees all AVPackets on ic->packet_buffer, but
av_find_stream_info() has its own pointer (*ppktl) that points to the last
AVPacket on ic->packet_buffer. The segfault is triggered next time
av_find_stream_info() tries to append a packet to ic->packet_buffer using
*ppktl.
Fix attached.
jim
-------------- next part --------------
Index: libs/libavformat/utils.c
===================================================================
--- libs/libavformat/utils.c (revision 8378)
+++ libs/libavformat/utils.c (working copy)
@@ -2083,6 +2083,10 @@
break;
}
+ /* handle ic->packet_buffer being freed by av_read_frame_internal() */
+ if (!ic->packet_buffer)
+ ppktl = &ic->packet_buffer;
+
/* add the packet in the buffered packet list */
*ppktl = pktl;
ppktl = &pktl->next;
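Review bot: the added `if (!ic->packet_buffer)` test infers the flush from the list head being NULL, so it only repairs ppktl when the queue is still empty at this point. The stale pointer is a local of av_find_stream_info() while the free happens in flush_packet_queue(), so if the queue can hold packets again by the time this line runs, ppktl would still point into a freed node and `*ppktl = pktl;` would write to freed memory. Consider recomputing the tail by walking from `&ic->packet_buffer` right before the append instead of trusting a ppktl cached across the read call. The new comment also names av_read_frame_internal(), whereas the trace in the message shows flush_packet_queue() doing the free; naming that function would make the comment easier to follow.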