[FFmpeg-devel] memory corruption in avio_read

Mikhail I. Izmestev im at cgtribe.com
Thu Feb 9 08:47:11 CET 2012


Hi,

I have crashes in my application caused by memory corruption. While 
analyzing the dumps I see one thread with its head at avio_read, and its 
AVIOContext looks strange:

struct AVIOContext * 0x00000000`b2b85b60
    +0x000 buffer           : 0x00000000`da767fe0  ""
    +0x008 buffer_size      : 32768
    +0x010 buf_ptr          : 0x00000000`da76d405  "--- memory read error at address 0x00000000`da76d405 ---"
    +0x018 buf_end          : 0x00000000`da767fe0  ""
    +0x020 opaque           : 0x00000000`b5baff00
    +0x028 read_packet      : 0x00000000`64954b70     int    avformat_52!ffurl_read+0
    +0x030 write_packet     : 0x00000000`64954d20     int    avformat_52!ffurl_write+0
    +0x038 seek             : 0x00000000`64954e00     int64  avformat_52!ffurl_seek+0
    +0x040 pos              : 109795
    +0x048 must_flush       : 0
    +0x04c eof_reached      : 0
    +0x050 write_flag       : 0
    +0x054 is_streamed      : 0
    +0x058 max_packet_size  : 0
    +0x05c checksum         : 0
    +0x060 checksum_ptr     : (null)
    +0x068 update_checksum  : (null)
    +0x070 error            : 0
    +0x078 read_pause       : (null)
    +0x080 read_seek        : (null)
    +0x088 seekable         : 1


exactly this:

    +0x010 buf_ptr          : 0x00000000`da76d405  "--- memory read error at address 0x00000000`da76d405 ---"
    +0x018 buf_end          : 0x00000000`da767fe0  ""


so we have:

int avio_read(AVIOContext *s, unsigned char *buf, int size)
{
    int len, size1;

    size1 = size;
    while (size > 0) {
        /* with buf_ptr > buf_end (as in the dump above) this is negative */
        len = s->buf_end - s->buf_ptr;
        if (len > size)
            len = size;
        if (len == 0) {
[...]
        } else {
            /* a negative len is converted to a huge size_t here */
            memcpy(buf, s->buf_ptr, len);
            buf += len;
            s->buf_ptr += len;
            size -= len;
        }
    }
[...]
}

len is less than zero; I think you know what would happen then...

ffmpeg version 0.7.3, Copyright (c) 2000-2011 the FFmpeg developers
   built on Sep  8 2011 14:51:33 with gcc 4.5.4 20110822 (prerelease)
   configuration: --enable-shared --disable-static 
--enable-memalign-hack --disable-avfilter --arch=x86_64 
--cross-prefix=x86_64-w64-mingw32- --target-os=mingw32 --disable-dxva2
   libavutil    50. 43. 0 / 50. 43. 0
   libavcodec   52.122. 0 / 52.122. 0
   libavformat  52.110. 0 / 52.110. 0
   libavdevice  52.  5. 0 / 52.  5. 0
   libswscale    0. 14. 1 /  0. 14. 1

This is not the latest version, so was this corruption fixed in the latest code?
Or can someone tell me what in my code could cause this problem?

Mikhail.
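The arithmetic the post points at, as an added stand-alone example (not FFmpeg code and not the poster's): a toy context with only the fields avio_read touches, the original loop's length computation with memcpy replaced by the count it would receive, and a copy routine that validates the buffer pointers before copying so an inconsistent context is reported rather than dereferenced. The struct, function names and the constructed 0x5425 offset (taken from buf_ptr minus buf_end in the dump above) are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the AVIOContext fields avio_read uses. */
typedef struct {
    unsigned char *buffer;
    int            buffer_size;
    unsigned char *buf_ptr;
    unsigned char *buf_end;
} toy_avio_ctx;

/* The original loop's arithmetic, with memcpy replaced by returning the
 * count it would have received (0 means the refill branch is taken).
 * `avail` is what `s->buf_end - s->buf_ptr` evaluates to. */
size_t original_memcpy_count(ptrdiff_t avail, int size)
{
    int len = (int)avail;        /* `int len`, as in avio_read */
    if (len > size)              /* false for any negative len */
        len = size;
    if (len == 0)                /* false for any negative len */
        return 0;
    return (size_t)len;          /* memcpy(buf, s->buf_ptr, len): wraps */
}

/* Copy at most `size` already-buffered bytes; this toy does not refill.
 * Returns bytes copied, or -1 when the context violates the invariant
 * buffer <= buf_ptr <= buf_end <= buffer + buffer_size. */
int toy_avio_read_buffered(toy_avio_ctx *s, unsigned char *buf, int size)
{
    ptrdiff_t avail = s->buf_end - s->buf_ptr;
    if (avail < 0 || s->buf_ptr < s->buffer ||
        s->buf_end > s->buffer + s->buffer_size)
        return -1;               /* corrupted context: refuse to copy */
    int len = avail > size ? size : (int)avail;
    memcpy(buf, s->buf_ptr, (size_t)len);
    s->buf_ptr += len;
    return len;
}

static unsigned char g_buffer[32768];   /* same buffer_size as the dump */

/* Consistent context: 900 bytes buffered, starting 100 bytes in. */
int demo_healthy(unsigned char *out, int want)
{
    toy_avio_ctx s = { g_buffer, sizeof g_buffer, g_buffer + 100, g_buffer + 1000 };
    return toy_avio_read_buffered(&s, out, want);
}

/* Constructed to mirror the dump: buf_end == buffer, buf_ptr = buffer + 0x5425. */
int demo_corrupted(unsigned char *out, int want)
{
    toy_avio_ctx s = { g_buffer, sizeof g_buffer, g_buffer + 0x5425, g_buffer };
    return toy_avio_read_buffered(&s, out, want);
}

int main(void)
{
    unsigned char out[4096];
    printf("memcpy count for avail=-0x5425, size=4096: %zu\n",
           original_memcpy_count(-0x5425, 4096));
    printf("healthy read:   %d\n", demo_healthy(out, sizeof out));
    printf("corrupted read: %d\n", demo_corrupted(out, sizeof out));
    return 0;
}
```

The point of the checked version is only that `buf_end - buf_ptr` must be computed as a `ptrdiff_t` and rejected when negative; the real question in the report, which of the caller's or the library's code moved `buf_end` back to `buffer`, is not something this toy can answer.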

