[Ffmpeg-devel] Bug report...

Michael Tiller michael.tiller
Mon Jan 8 23:35:56 CET 2007

I'm a MythTV user and was asked by the MythTV developers to report two
issues I found.  One of the issues generates an floating point exception and
the other generates a segmentation fault due to a null pointer.

The first issue is in rational.c.  The problem occurs when the num and den
variables are both zero and this triggers a division by zero.  I don't know
exactly how such an error should be dealt with but I took a shot at it with
this patch:

Index: libs/libavutil/rational.c
--- libs/libavutil/rational.c   (revision 12454)
+++ libs/libavutil/rational.c   (working copy)
@@ -36,8 +36,12 @@
     int sign= (nom<0) ^ (den<0);
     int64_t gcd= ff_gcd(ABS(nom), ABS(den));

+    if (den==0) {
+        return den==0;
+    }
     nom = ABS(nom)/gcd;
     den = ABS(den)/gcd;
     if(nom<=max && den<=max){
         a1= (AVRational){nom, den};

The other issue is in mpeg12.c.  In this case, one of the data structures
has a null pointer but it gets dereferenced.  At this point I should point
out that the file I'm reading was recorded using an HDHomerun from a QAM
source.  I'm pretty sure the file is corrupted somehow but the point is that
it would be good that FFMPEG fail gracefully in these cases rather than
generate an error.  Once again, I have a patch:

Index: libs/libavcodec/mpeg12.c

--- libs/libavcodec/mpeg12.c    (revision 12454)
+++ libs/libavcodec/mpeg12.c    (working copy)
@@ -1468,6 +1468,9 @@

+    if (s->current_picture.mb_type==0) {
+      return -1;
+    }
     s->current_picture.mb_type[ s->mb_x + s->mb_y*s->mb_stride ]= mb_type;

     return 0;

Note that all patches are against the MythTV repository (which is what I had
handy and used for testing).  I checked the FFMPEG SVN repository (using the
web client) and found that the issues are still present in those files.

I think these kinds of checks are reasonable to do.  I hope that helps in
some way.


More information about the ffmpeg-devel mailing list