[FFmpeg-devel] [PATCH]: avoid sending empty probe data to probing functions

Thomas Hutschenreuther thutschenreuther at mufin.com
Thu Jul 12 15:41:12 CEST 2012


> The calling code is supposed to add 32 null bytes as padding to the probe
> data buffer. AFAICS, adts_aac_probe relies on it (which is a style I do not
> like personally but is perfectly valid in the context of ffmpeg) in a safe
> way.
>
> Therefore, your post-mortem on the crash you were experiencing seems
> incomplete: if p->buf was NULL, it should not have been, and we need to know
> why; if b->buf was not NULL, it should point to at least 32 bytes of 0, and
> if not we also need to know why.
>
> Can you point us to a sample that causes the crash you were investigating?

I only experienced this when decoding mpegts-over-ip streams. I have 
spent quite some time trying to construct a static file, which causes 
the various crashes I am experiencing with this but as of yet without 
any luck.

The root cause for the problem looks to be the same as in 
https://ffmpeg.org/trac/ffmpeg/ticket/1510
since the substream being probed does not really exist in the input 
ts-stream and seems to originate from a misinterpreted PES packet.

p->buf definitely was 0x0 at the point where the program crashed.
The only reason I can see is that, for a certain stream, 
libavformat/utils.c:745:
probe_codec(s, st, NULL);

is called on a stream st that only has empty probe_data attached to it.

I am currently trying to produce a core dump with a completely 
unoptimized ffmpeg binary (--disable-asm --disable-yasm --enable-debug=3 
--disable-optimizations). Maybe this helps.

Best regards,

-- 
Thomas Hutschenreuther
mufin Development Team
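
An added illustration of the contract discussed in this thread, not code from FFmpeg or from either poster: the buffer owner appends 32 zero bytes, a prober is then allowed to read slightly past buf_size, and the caller refuses to probe when the data is empty. ProbeData, PROBE_PADDING and all function names are hypothetical stand-ins, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PROBE_PADDING 32   /* the 32 zero bytes the thread refers to */

typedef struct {           /* hypothetical stand-in for a stream's probe data */
    uint8_t *buf;          /* buf_size payload bytes + PROBE_PADDING zero bytes */
    int      buf_size;
} ProbeData;

/* Owner side: copy payload into a buffer that carries zeroed padding. */
static int probe_data_set(ProbeData *pd, const uint8_t *src, int size)
{
    pd->buf = NULL;
    pd->buf_size = 0;
    if (!src || size <= 0)
        return -1;                              /* stays empty */
    pd->buf = calloc(1, (size_t)size + PROBE_PADDING);
    if (!pd->buf)
        return -1;
    memcpy(pd->buf, src, (size_t)size);
    pd->buf_size = size;
    return 0;
}

/* Toy prober written against the padding contract: counts 12-bit 0xFFF
 * sync patterns. buf[i + 1] is read for every i < buf_size, so the last
 * read lands in the padding. It does not check buf itself. */
static int toy_sync_probe(const ProbeData *pd)
{
    int hits = 0;
    for (int i = 0; i < pd->buf_size; i++)
        if (pd->buf[i] == 0xFF && (pd->buf[i + 1] & 0xF0) == 0xF0)
            hits++;
    return hits;
}

/* Caller-side guard: empty probe data never reaches a prober. */
static int probe_guarded(const ProbeData *pd)
{
    if (!pd || !pd->buf || pd->buf_size <= 0)
        return -1;                              /* nothing to probe */
    return toy_sync_probe(pd);
}

int main(void)
{
    static const uint8_t sample[] = { 0x00, 0xFF, 0xF1, 0x50, 0xFF }; /* constructed */
    ProbeData pd, empty = { NULL, 0 };
    probe_data_set(&pd, sample, (int)sizeof(sample));
    printf("padded: %d, empty: %d\n", probe_guarded(&pd), probe_guarded(&empty));
    free(pd.buf);
    return 0;
}
```

The trailing 0xFF in the sample is compared against a padding byte rather than unowned memory, which is the only reason the unchecked `buf[i + 1]` read is safe.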


