[FFmpeg-trac] #3713(avformat:new): crashes on bogus rtp stream

FFmpeg trac at avcodec.org
Wed Jun 11 12:25:51 CEST 2014


#3713: crashes on bogus rtp stream
-------------------------------------+-------------------------------------
             Reporter:  lavv17       |                    Owner:
                 Type:  defect       |                   Status:  new
             Priority:  important    |                Component:  avformat
              Version:  git-master   |               Resolution:
             Keywords:  crash        |               Blocked By:
  SIGSEGV                            |  Reproduced by developer:  0
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------

Comment (by lavv17):

 Valgrind errors:
 {{{
 # valgrind /usr/local/bin/ffmpeg -ss 1 -i rtp://@224.0.94.27:1234 -t 30 -f avi -c copy file.avi
 ==53343== Memcheck, a memory error detector
 ==53343== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
 ==53343== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
 ==53343== Command: /usr/local/bin/ffmpeg -ss 1 -i rtp://@224.0.94.27:1234 -t 30 -f avi -c copy file.avi
 ==53343==
 ==53343== Invalid write of size 1
 ==53343==    at 0x5540C8: write_section_data.isra.13 (mpegts.c:398)
 ==53343==    by 0x554793: handle_packet (mpegts.c:2095)
 ==53343==    by 0x5596CE: ff_mpegts_parse_packet (mpegts.c:2646)
 ==53343==    by 0x598994: mpegts_handle_packet (rtpdec_mpegts.c:86)
 ==53343==    by 0x592796: rtp_parse_packet_internal (rtpdec.c:645)
 ==53343==    by 0x593920: ff_rtp_parse_packet (rtpdec.c:792)
 ==53343==    by 0x5A4A19: ff_rtsp_fetch_packet (rtsp.c:2042)
 ==53343==    by 0x5C4435: ff_read_packet (utils.c:791)
 ==53343==    by 0x5C71EF: read_frame_internal (utils.c:1454)
 ==53343==    by 0x5CAB1E: avformat_find_stream_info (utils.c:3240)
 ==53343==    by 0x46FDC0: open_input_file (ffmpeg_opt.c:888)
 ==53343==    by 0x4740DE: ffmpeg_parse_options (ffmpeg_opt.c:2645)
 ==53343==  Address 0x5946030 is 656 bytes inside a block of size 65,992 free'd
 ==53343==    at 0x4C294C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
 ==53343==    by 0xC41EDB: av_freep (mem.c:232)
 ==53343==    by 0x4EAE55: ffurl_close (avio.c:381)
 ==53343==    by 0x59E809: rtp_close (rtpproto.c:505)
 ==53343==    by 0x4EAE7C: ffurl_close (avio.c:373)
 ==53343==    by 0x5A3109: rtp_read_header (rtsp.c:2299)
 ==53343==    by 0x5CDAE6: avformat_open_input (utils.c:594)
 ==53343==    by 0x46FCB8: open_input_file (ffmpeg_opt.c:871)
 ==53343==    by 0x4740DE: ffmpeg_parse_options (ffmpeg_opt.c:2645)
 ==53343==    by 0x463EF7: main (ffmpeg.c:3787)
 ==53343==
 ==53343== Invalid write of size 1
 ==53343==    at 0x5540C8: write_section_data.isra.13 (mpegts.c:398)
 ==53343==    by 0x554793: handle_packet (mpegts.c:2095)
 ==53343==    by 0x5596CE: ff_mpegts_parse_packet (mpegts.c:2646)
 ==53343==    by 0x598A06: mpegts_handle_packet (rtpdec_mpegts.c:75)
 ==53343==    by 0x593861: ff_rtp_parse_packet (rtpdec.c:752)
 ==53343==    by 0x5A4D63: ff_rtsp_fetch_packet (rtsp.c:1956)
 ==53343==    by 0x5C4435: ff_read_packet (utils.c:791)
 ==53343==    by 0x5C71EF: read_frame_internal (utils.c:1454)
 ==53343==    by 0x5CAB1E: avformat_find_stream_info (utils.c:3240)
 ==53343==    by 0x46FDC0: open_input_file (ffmpeg_opt.c:888)
 ==53343==    by 0x4740DE: ffmpeg_parse_options (ffmpeg_opt.c:2645)
 ==53343==    by 0x463EF7: main (ffmpeg.c:3787)
 ==53343==  Address 0x5946030 is 656 bytes inside a block of size 65,992 free'd
 ==53343==    at 0x4C294C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
 ==53343==    by 0xC41EDB: av_freep (mem.c:232)
 ==53343==    by 0x4EAE55: ffurl_close (avio.c:381)
 ==53343==    by 0x59E809: rtp_close (rtpproto.c:505)
 ==53343==    by 0x4EAE7C: ffurl_close (avio.c:373)
 ==53343==    by 0x5A3109: rtp_read_header (rtsp.c:2299)
 ==53343==    by 0x5CDAE6: avformat_open_input (utils.c:594)
 ==53343==    by 0x46FCB8: open_input_file (ffmpeg_opt.c:871)
 ==53343==    by 0x4740DE: ffmpeg_parse_options (ffmpeg_opt.c:2645)
 ==53343==    by 0x463EF7: main (ffmpeg.c:3787)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3713#comment:3>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

