[FFmpeg-devel] [PATCH 1/2] avformat/hlsenc: fix base_output_dirname is null when basename_size is 0 bug
Liu Steven
lq at chinaffmpeg.org
Thu Nov 2 02:15:12 EET 2017
> 在 2017年11月2日,上午3:18,Marton Balint <cus at passwd.hu> 写道:
>
>
> On Wed, 1 Nov 2017, Marton Balint wrote:
>
>>
>> On Sun, 29 Oct 2017, Liu Steven wrote:
>>
>>>
>>>> 在 2017年10月26日,上午7:54,Steven Liu <lq at chinaffmpeg.org> 写道:
>>>> fix ticket id: #6777
>>>> when use argument hls_segment_filename, the basename_size will be 0
>>>> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
>>>> ---
>>>> libavformat/hlsenc.c | 16 +++++++++++-----
>>>> 1 file changed, 11 insertions(+), 5 deletions(-)
>>>> diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
>>>> index 418f153c6f..55ce800c5a 100644
>>>> --- a/libavformat/hlsenc.c
>>>> +++ b/libavformat/hlsenc.c
>>>> @@ -1335,6 +1335,7 @@ static int hls_write_header(AVFormatContext *s)
>>>> AVDictionary *options = NULL;
>>>> int basename_size = 0;
>>>> int vtt_basename_size = 0;
>>>> + int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1;
>>>>
>>>> if (hls->segment_type == SEGMENT_TYPE_FMP4) {
>>>> pattern = "%d.m4s";
>>>> @@ -1445,7 +1446,6 @@ static int hls_write_header(AVFormatContext *s)
>>>> }
>>>>
>>>> if (av_strcasecmp(hls->fmp4_init_filename, "init.mp4")) {
>>>> - int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1;
>>>> hls->base_output_dirname = av_malloc(fmp4_init_filename_len);
>>>> if (!hls->base_output_dirname) {
>>>> ret = AVERROR(ENOMEM);
>>>> @@ -1453,19 +1453,25 @@ static int hls_write_header(AVFormatContext *s)
>>>> }
>>>> av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename,
>> fmp4_init_filename_len);
>>>> } else {
>>>> - hls->base_output_dirname = av_malloc(basename_size);
>>>> + if (basename_size > 0) {
>>>> + hls->base_output_dirname = av_malloc(basename_size);
>>>> + } else {
>>>> + hls->base_output_dirname =
>> av_malloc(strlen(hls->fmp4_init_filename));
>>>> + }
>>>> if (!hls->base_output_dirname) {
>>>> ret = AVERROR(ENOMEM);
>>>> goto fail;
>>>> }
>>>> - av_strlcpy(hls->base_output_dirname, s->filename, basename_size);
>>>> - p = strrchr(hls->base_output_dirname, '/');
>>>> + if (basename_size > 0) {
>>>> + av_strlcpy(hls->base_output_dirname, s->filename,
>> basename_size);
>>>> + p = strrchr(hls->base_output_dirname, '/');
>>>> + }
>>>> if (p) {
>>>> *(p + 1) = '\0';
>>>> av_strlcat(hls->base_output_dirname, hls->fmp4_init_filename,
>> basename_size);
>>>> } else {
>>>> - av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename,
>> basename_size);
>>>> + av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename,
>> fmp4_init_filename_len);
>>>> }
>>>> }
>>>> --
>>>> 2.11.0 (Apple Git-81)
>>>
>>> Applied!
>>>
>>
>> This breaks fate-filter-hls-append, ffmpeg crashes or infinite loops for me:
>>
>> ==8410== Invalid write of size 1
>> ==8410== at 0x102DD63: av_strlcpy (avstring.c:89)
>> ==8410== by 0x6627D9: hls_write_header (hlsenc.c:1474)
>> ==8410== by 0x6BD7E1: write_header_internal (mux.c:466)
>> ==8410== by 0x6BF678: avformat_write_header (mux.c:519)
>> ==8410== by 0x4A74D8: check_init_output_file (ffmpeg.c:2933)
>> ==8410== by 0x4A8A55: init_output_stream.constprop.22 (ffmpeg.c:3572)
>> ==8410== by 0x4AC645: reap_filters (ffmpeg.c:1424)
>> ==8410== by 0x48F45E: transcode_step (ffmpeg.c:4540)
>> ==8410== by 0x48F45E: transcode (ffmpeg.c:4584)
>> ==8410== by 0x48F45E: main (ffmpeg.c:4790)
>> ==8410== Address 0xb3ded28 is 0 bytes after a block of size 8 alloc'd
>> ==8410== at 0x4C2B5D0: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
>> ==8410== by 0x4C2B6E7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
>> ==8410== by 0x1044809: av_malloc (mem.c:87)
>> ==8410== by 0x661DC0: hls_write_header (hlsenc.c:1459)
>> ==8410== by 0x6BD7E1: write_header_internal (mux.c:466)
>> ==8410== by 0x6BF678: avformat_write_header (mux.c:519)
>> ==8410== by 0x4A74D8: check_init_output_file (ffmpeg.c:2933)
>> ==8410== by 0x4A8A55: init_output_stream.constprop.22 (ffmpeg.c:3572)
>> ==8410== by 0x4AC645: reap_filters (ffmpeg.c:1424)
>> ==8410== by 0x48F45E: transcode_step (ffmpeg.c:4540)
>> ==8410== by 0x48F45E: transcode (ffmpeg.c:4584)
>> ==8410== by 0x48F45E: main (ffmpeg.c:4790)
>> ==8410==
>
> The above trace is for the offending commit, here is one for the current git master:
>
> ==8580== Invalid write of size 1
> ==8580== at 0x102CD13: av_strlcpy (avstring.c:89)
> ==8580== by 0x661B19: hls_write_header (hlsenc.c:1472)
> ==8580== by 0x6BD751: write_header_internal (mux.c:466)
> ==8580== by 0x6BF5E8: avformat_write_header (mux.c:519)
> ==8580== by 0x4A5058: check_init_output_file (ffmpeg.c:2939)
> ==8580== by 0x4A65D5: init_output_stream.constprop.23 (ffmpeg.c:3578)
> ==8580== by 0x4AABB5: reap_filters (ffmpeg.c:1424)
> ==8580== by 0x4AFFF8: transcode_step (ffmpeg.c:4546)
> ==8580== by 0x4AFFF8: transcode (ffmpeg.c:4590)
> ==8580== by 0x48DF41: main (ffmpeg.c:4796)
> ==8580== Address 0xb3debe8 is 0 bytes after a block of size 8 alloc'd
> ==8580== at 0x4C2B5D0: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==8580== by 0x4C2B6E7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==8580== by 0x10436D9: av_malloc (mem.c:87)
> ==8580== by 0x661100: hls_write_header (hlsenc.c:1457)
> ==8580== by 0x6BD751: write_header_internal (mux.c:466)
> ==8580== by 0x6BF5E8: avformat_write_header (mux.c:519)
> ==8580== by 0x4A5058: check_init_output_file (ffmpeg.c:2939)
> ==8580== by 0x4A65D5: init_output_stream.constprop.23 (ffmpeg.c:3578)
> ==8580== by 0x4AABB5: reap_filters (ffmpeg.c:1424)
> ==8580== by 0x4AFFF8: transcode_step (ffmpeg.c:4546)
> ==8580== by 0x4AFFF8: transcode (ffmpeg.c:4590)
> ==8580== by 0x48DF41: main (ffmpeg.c:4796)
I have send a new patch to fix it :)
> ==8580==
>
> Regards,
> Marton
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
More information about the ffmpeg-devel
mailing list