[FFmpeg-trac] #8231(undetermined:new): Segmentation fault in mov_write_udta_sdp at libavformat/movenc.c:3102

FFmpeg trac at avcodec.org
Wed Oct 9 07:56:01 EEST 2019


#8231: Segmentation fault in mov_write_udta_sdp at libavformat/movenc.c:3102
-------------------------------------+-------------------------------------
             Reporter:  Suhwan       |                     Type:  defect
               Status:  new          |                 Priority:  important
            Component:               |                  Version:  git-
  undetermined                       |  master
             Keywords:  SIGSEGV      |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 Summary of the bug:
 There is a segmentation fault in mov_write_udta_sdp at
 libavformat/movenc.c:3102 due to a null pointer access.

 Here's the GDB log.
 {{{
 Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
 mov_write_udta_sdp (pb=<optimized out>, track=<optimized out>) at
 libavformat/movenc.c:3102
 3102        ff_sdp_write_media(buf, sizeof(buf), ctx->streams[0],
 track->src_track,
 (gdb) bt
 #0  mov_write_udta_sdp (pb=<optimized out>, track=<optimized out>) at
 libavformat/movenc.c:3102
 #1  mov_write_trak_tag (mov=<optimized out>, track=<optimized out>,
 st=<optimized out>, s=<optimized out>,
     pb=<optimized out>) at libavformat/movenc.c:3193
 #2  mov_write_moov_tag (pb=<optimized out>, mov=<optimized out>,
 s=<optimized out>)
     at libavformat/movenc.c:4013
 #3  0x000000000069ec13 in mov_write_trailer (s=<optimized out>) at
 libavformat/movenc.c:6780
 #4  0x00000000006c7bff in av_write_trailer (s=0x2301740) at
 libavformat/mux.c:1281
 #5  0x000000000041d9b0 in transcode () at fftools/ffmpeg.c:4726
 #6  0x0000000000419377 in main (argc=<optimized out>, argv=<optimized
 out>) at fftools/ffmpeg.c:4894
 (gdb) list
 3097    {
 3098        AVFormatContext *ctx = track->rtp_ctx;
 3099        char buf[1000] = "";
 3100        int len;
 3101
 3102        ff_sdp_write_media(buf, sizeof(buf), ctx->streams[0],
 track->src_track,
 3103                           NULL, NULL, 0, 0, ctx);
 3104        av_strlcatf(buf, sizeof(buf), "a=control:streamid=%d\r\n",
 track->track_id);
 3105        len = strlen(buf);
 3106
 (gdb) print ctx
 $1 = (AVFormatContext *) 0x0
 }}}

 How to reproduce:
 {{{
 % ffmpeg_g -i $PoC -loglevel 0 -map 0 tmp.mov

 ffmpeg version N-95291-g5345965b3f Copyright (c) 2000-2019 the FFmpeg
 developers
 built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
 configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/8231>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
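
The gdb session above shows `ctx` (taken from `track->rtp_ctx`) equal to `0x0` when `ctx->streams[0]` is read. The following is an added example, not FFmpeg's code and not the project's fix: a simplified model of that code path that validates the context before use. The types `Stream`, `FormatCtx`, `Track`, the helper `sdp_write_media` and the constructed media line are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for AVStream, AVFormatContext and MOVTrack. */
typedef struct { int index; } Stream;
typedef struct { Stream **streams; unsigned nb_streams; } FormatCtx;
typedef struct { FormatCtx *rtp_ctx; int track_id; } Track;

/* Stand-in for ff_sdp_write_media(): emits one constructed media line. */
static void sdp_write_media(char *buf, size_t size, const Stream *st)
{
    snprintf(buf, size, "m=video 0 RTP/AVP %d\r\n", 96 + st->index);
}

/*
 * Guarded form of the pattern listed at movenc.c:3098-3105 in the report.
 * Returns the length of the SDP text, or a negative errno value when the
 * track has no usable RTP context or the output buffer is too small.
 */
int write_udta_sdp_checked(const Track *track, char *out, size_t out_size)
{
    const FormatCtx *ctx = track ? track->rtp_ctx : NULL;
    size_t len;
    int n;

    if (!out || out_size == 0)
        return -EINVAL;
    /* The crash state: rtp_ctx == NULL. Also reject an empty stream list. */
    if (!ctx || !ctx->streams || ctx->nb_streams == 0 || !ctx->streams[0])
        return -EINVAL;

    sdp_write_media(out, out_size, ctx->streams[0]);
    len = strlen(out);
    n = snprintf(out + len, out_size - len,
                 "a=control:streamid=%d\r\n", track->track_id);
    if (n < 0 || (size_t)n >= out_size - len)
        return -ENOSPC;               /* control line was truncated */
    return (int)(len + (size_t)n);
}

int main(void)
{
    char buf[1000];
    Track broken = { NULL, 2 };       /* same state as "print ctx" in gdb */
    printf("%d\n", write_udta_sdp_checked(&broken, buf, sizeof(buf)));
    return 0;
}
```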

