[Ffmpeg-devel] [PATCH] Fix segfault in bmp decoder

Michael Niedermayer michaelni
Sun Jan 28 03:16:35 CET 2007


Hi

On Sat, Jan 27, 2007 at 02:06:49PM +0100, Michel Bardiaux wrote:
> The symptom:
> 
> ffmpeg -f image2 -i y%06d.bmp -an -y oops.mpg
> FFmpeg version SVN-r7724, Copyright (c) 2000-2006 Fabrice Bellard, et al.
>   configuration:
>   libavutil version: 49.2.0
>   libavcodec version: 51.29.0
>   libavformat version: 51.8.0
>   built on Jan 27 2007 12:19:07, gcc: 3.3.5 (Debian 1:3.3.5-13)
> Input #0, image2, from 'y%06d.bmp':
>   Duration: 00:01:00.0, start: 0.000000, bitrate: N/A
>   Stream #0.0: Video: bmp, bgr24, 352x288, 25.00 fps(r)
> Output #0, mpeg, to 'oops.mpg':
>   Stream #0.0: Video: mpeg1video, yuv420p, 352x288, q=2-31, 200 kb/s,
> 25.00 fps(c)
> Stream mapping:
>   Stream #0.0 -> #0.0
> Press [q] to stop encoding
> Compiler did not align stack variables. Libavcodec has been miscompiled
> and may be very slow or crash. This is not a bug in libavcodec,
> but in the compiler. Do not report crashes to FFmpeg developers.
> Segmentation fault size=     138kB time=2.0 bitrate= 554.2kbits/s
> 
> The syndrome: you have to know, of course, that the message about stack
> is there for form's sake only, and irrelevant for most crashes... After
> a number of calls to the decoder, get_buffer returned with a
> pathological value for p->linesize[0].
> 
> The fix: attached.

looks ok


> 
> Note: it is quite likely this patch actually hides a bug in
> avcodec_default_get_buffer that causes it to fail without returning
> failure status. I am looking into that.

yes, I agree that avcodec_default_get_buffer is likely buggy too, but either
way the buffers must be released ...
there also needs to be a release_buffer() in "decode_end" which is also
missing in bmp.c

PS: I've seen a lot of mime types on patches but yours had
Content-Type: image/x-coreldrawpattern


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In a rich man's house there is no place to spit but his face.
-- Diogenes of Sinope