[Ffmpeg-devel] ffmpeg segfault
Vidar Madsen
vidarino
Thu Jul 14 13:59:13 CEST 2005
Hi.
I'm getting a consistent segfault when trying to convert an AMR file
to MP3 (or any other output format, for that matter):
$ ffmpeg -y -i atlantis.amr x.mp3
ffmpeg version 0.4.9-pre1, build 4757, Copyright (c) 2000-2004 Fabrice Bellard
configuration: --enable-a53 --enable-pthreads --enable-gpl
--enable-mp3lame --enable-amr_nb-fixed --enable-amr_nb --enable-amr_wb
built on Jul 14 2005 13:44:32, gcc: 3.3.5
Input #0, amr, from 'atlantis.amr':
Duration: N/A, bitrate: N/A
Stream #0.0: Audio: amr_nb, 8000 Hz, mono
Output #0, mp3, to 'x.mp3':
Stream #0.0: Audio: mp3, 8000 Hz, mono, 64 kb/s
Stream mapping:
Stream #0.0 -> #0.0
Press [q] to stop encoding
Segmentation fault
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 2777)]
amr_nb_decode_frame (avctx=0xbfffeebc, data=0x83ad2d0,
data_size=0xbfffeebc, buf=0x0, buf_size=0) at amr.c:234
234 toc=amrData[offset];
(gdb) bt
#0 amr_nb_decode_frame (avctx=0xbfffeebc, data=0x83ad2d0,
data_size=0xbfffeebc, buf=0x0, buf_size=0)
at amr.c:234
#1 0x080a252a in avcodec_decode_audio (avctx=0x83a3b18,
samples=0x402e7008, frame_size_ptr=0xbfffeebc,
buf=0x0, buf_size=0) at utils.c:645
#2 0x0805d28e in output_packet (ist=0x83ad2d0, ist_index=0,
ost_table=0x83ad320, nb_ostreams=1, pkt=0x0)
at ffmpeg.c:1229
#3 0x0805e162 in av_encode (output_files=0x8336d40,
nb_output_files=1, input_files=0x8336c40,
nb_input_files=1, stream_maps=0x8336da0, nb_stream_maps=0) at ffmpeg.c:2101
#4 0x08063133 in main (argc=10000, argv=0xbffff644) at ffmpeg.c:4485
This happens as soon as the file reaches EOF, which means
avcodec_decode_audio is called with zero buf and buf_size.
A quick glance through the code seems to indicate that
amr_nb_decode_frame doesn't check if its supplied buffer ("buf") is
NULL before accessing it:
uint8_t*amrData=buf;
int offset=0;
[...]
toc=amrData[offset];
I guess the fix should be trivial, but I don't have time to dig deeper
right now. Nor am I sure if just returning early if(!buf) is the
correct solution. Anyone?
Vidar
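
The missing input check described in the message above, as an added example that is not part of the original post and is not FFmpeg's code. The function names are hypothetical, the sample bytes are constructed, and returning 0 for the empty EOF call is an assumption, since the post leaves the correct behaviour open.

```c
#include <stdint.h>
#include <stdio.h>

/* AMR-NB payload bytes per frame type, TOC byte excluded: modes 0-7,
 * then SID (8). Types 9-15 carry no payload in this table. */
static const uint8_t amr_nb_payload[16] = {
    12, 13, 15, 17, 19, 20, 26, 31, 5, 0, 0, 0, 0, 0, 0, 0
};

/* Hypothetical helper: validate one frame before any byte is read. Returns
 * the length including the TOC byte, 0 when there is no input (the EOF call:
 * buf == NULL, buf_size == 0), or -1 when buf is shorter than the TOC claims. */
int amr_nb_checked_frame_len(const uint8_t *buf, int buf_size)
{
    if (buf == NULL || buf_size <= 0)
        return 0;
    int type = (buf[0] >> 3) & 0x0F;
    int need = 1 + amr_nb_payload[type];
    return need <= buf_size ? need : -1;
}

/* Hypothetical caller: walk a buffer frame by frame. Returns the bytes
 * consumed, or -1 on a truncated frame; *frames counts complete frames. */
int amr_nb_walk(const uint8_t *buf, int buf_size, int *frames)
{
    int offset = 0;
    *frames = 0;
    if (buf == NULL)
        return 0;
    while (offset < buf_size) {
        int len = amr_nb_checked_frame_len(buf + offset, buf_size - offset);
        if (len < 0)
            return -1;
        offset += len;
        (*frames)++;
    }
    return offset;
}

int main(void)
{
    /* Constructed sample: one mode-7 frame (TOC 0x3C) and one SID (0x44). */
    uint8_t stream[38] = { [0] = 0x3C, [32] = 0x44 };
    int frames;
    printf("eof call: %d\n", amr_nb_checked_frame_len(NULL, 0));
    printf("full:     %d\n", amr_nb_walk(stream, 38, &frames));
    printf("cut:      %d\n", amr_nb_walk(stream, 37, &frames));
    return 0;
}
```

The length check matters as much as the NULL check: a non-NULL buffer that ends mid-frame would otherwise be read past its end.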