[Ffmpeg-devel] Bug report...

Michael Niedermayer michaelni
Tue Jan 9 12:59:40 CET 2007 

Hi

On Mon, Jan 08, 2007 at 05:35:56PM -0500, Michael Tiller wrote:
> I'm a MythTV user and was asked by the MythTV developers to report two
> issues I found.  One of the issues generates an floating point exception and
> the other generates a segmentation fault due to a null pointer.
> 
> The first issue is in rational.c.  The problem occurs when the num and den
> variables are both zero and this triggers a division by zero.  I don't know
> exactly how such an error should be dealt with but I took a shot at it with
> this patch:
> 
> Index: libs/libavutil/rational.c
> ===================================================================
> --- libs/libavutil/rational.c   (revision 12454)
> +++ libs/libavutil/rational.c   (working copy)
> @@ -36,8 +36,12 @@
>     int sign= (nom<0) ^ (den<0);
>     int64_t gcd= ff_gcd(ABS(nom), ABS(den));
> 
> +    if (den==0) {
> +        return den==0;
> +    }

rejected this leaves dst_* uninitalized
also the den==0 is redundant in the return, the patch is messed up (should
have been attached)


>     nom = ABS(nom)/gcd;
>     den = ABS(den)/gcd;
> +
>     if(nom<=max && den<=max){

cosmetic


ive fixed this correctly



[...]
> The other issue is in mpeg12.c.  

seperate issues belong to seperate mails, this simplifies our work alot ...


> In this case, one of the data structures
> has a null pointer but it gets dereferenced.  At this point I should point
> out that the file I'm reading was recorded using an HDHomerun from a QAM
> source.  I'm pretty sure the file is corrupted somehow but the point is that
> it would be good that FFMPEG fail gracefully in these cases rather than
> generate an error.  Once again, I have a patch:
> 
> Index: libs/libavcodec/mpeg12.c
> 
> ===================================================================
> --- libs/libavcodec/mpeg12.c    (revision 12454)
> +++ libs/libavcodec/mpeg12.c    (working copy)
> @@ -1468,6 +1468,9 @@
>         }
>     }
> 
> +    if (s->current_picture.mb_type==0) {
> +      return -1;
> +    }
>     s->current_picture.mb_type[ s->mb_x + s->mb_y*s->mb_stride ]= mb_type;

mpeg_decode_mb() must not be called if s->current_picture is not setup
correctly

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The worst form of inequality is to try to make unequal things equal.
-- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070109/e6d315e2/attachment.pgp>

More information about the ffmpeg-devel mailing list