[FFmpeg-devel] [Patch] fix ffprobe crash #3603

Stefano Sabatini stefasab at gmail.com
Wed May 14 17:08:40 CEST 2014


On date Tuesday 2014-05-13 09:55:45 +0530, Anshul encoded:
[...]
> From 53a415cec2b682a060ba1de154796dd32c0c81c9 Mon Sep 17 00:00:00 2001
> From: Anshul <er.anshul.maheshwari at gmail.com>
> Date: Mon, 12 May 2014 23:15:20 +0530
> Subject: [PATCH] ffprobe: fix crash because of new streams occuring
> 
> Fix ticket #3603
> ---
>  ffprobe.c | 23 ++++++++++++++++++-----
>  1 file changed, 18 insertions(+), 5 deletions(-)
> 
> diff --git a/ffprobe.c b/ffprobe.c
> index c6e0469..0090783 100644
> --- a/ffprobe.c
> +++ b/ffprobe.c
> @@ -191,6 +191,7 @@ static const char unit_hertz_str[]          = "Hz"   ;
>  static const char unit_byte_str[]           = "byte" ;
>  static const char unit_bit_per_second_str[] = "bit/s";
>  
> +static int nb_streams;
>  static uint64_t *nb_streams_packets;
>  static uint64_t *nb_streams_frames;
>  static int *selected_streams;
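Review bot: `nb_streams` is declared `int`, but it caches `fmt_ctx->nb_streams`, which libavformat declares as `unsigned int`, so the later `fmt_ctx->nb_streams > nb_streams` test mixes signedness; `static unsigned int nb_streams;` would match the source field. The declaration also has no comment tying it to the arrays below it. Something like `/* allocated length of nb_streams_packets, nb_streams_frames and selected_streams */` would make it clear that the three arrays must always be resized together, since every index into them is only as safe as this count is accurate.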
> @@ -1632,6 +1633,13 @@ static void writer_register_all(void)
>  #define print_section_header(s) writer_print_section_header(w, s)
>  #define print_section_footer(s) writer_print_section_footer(w, s)
>  
> +#define CHECK_END if (ret < 0) goto end
> +#define REALLOCZ_ARRAY_STREAM (ptr, cur_n, new_n)                      \
> +{                                                                      \
> +    ret = av_reallocp_array(&(ptr), (new_n), sizeof(*(ptr)));          \
> +    CHECK_END;                                                         \

> +    memset( (ptr) + (cur_n), 0, (new_n) - (cur_n) * sizeof(*(ptr)) );  \

Ehm, this should be ((new_n) - (cur_n)) * sizeof(*(ptr))

> +}
>  static inline int show_tags(WriterContext *w, AVDictionary *tags, int section_id)
>  {
>      AVDictionaryEntry *tag = NULL;
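Review bot: The blank between `REALLOCZ_ARRAY_STREAM` and `(ptr, cur_n, new_n)` makes the preprocessor treat this as an object-like macro whose replacement text begins with the parameter list, so the call sites added later in the patch cannot expand as intended; the line should read `#define REALLOCZ_ARRAY_STREAM(ptr, cur_n, new_n)`. The body is a bare `{ ... }` block, which misparses when a call followed by `;` sits in an unbraced `if`/`else`; wrapping it in `do { ... } while (0)` avoids that. The macro also depends silently on a local `ret` and an `end:` label existing at every call site, and `CHECK_END` now has file scope, so a one-line comment above the definition stating those requirements would help the next caller.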
> @@ -1893,6 +1901,12 @@ static int read_interval_packets(WriterContext *w, AVFormatContext *fmt_ctx,
>          goto end;
>      }
>      while (!av_read_frame(fmt_ctx, &pkt)) {
> +        if (fmt_ctx->nb_streams > nb_streams) {
> +            REALLOCZ_ARRAY_STREAM(nb_streams_frames, nb_streams, fmt_ctx->nb_streams);
> +            REALLOCZ_ARRAY_STREAM(nb_streams_packets,nb_streams,fmt_ctx->nb_streams);
> +            REALLOCZ_ARRAY_STREAM(selected_streams,nb_streams,fmt_ctx->nb_streams);
> +            nb_streams = fmt_ctx->nb_streams;
> +        }
>          if (selected_streams[pkt.stream_index]) {
>              AVRational tb = fmt_ctx->streams[pkt.stream_index]->time_base;
>  
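Review bot: When one of the three reallocations fails inside the `while (!av_read_frame(fmt_ctx, &pkt))` loop, `CHECK_END` jumps to `end` while the packet just read is still held. The loop's normal packet release and the `end:` label are outside the hunk, so this needs checking there, but unless `end:` frees `pkt` the error path leaks it; releasing first, e.g. `if (ret < 0) { av_free_packet(&pkt); goto end; }`, would close that. Separately, `av_reallocp_array` frees the array and sets the pointer to NULL on failure, so a partial failure leaves the three arrays with different lengths and one of them NULL while `nb_streams` still holds the old count. Any code that keeps indexing them after `read_interval_packets` returns an error should be checked for that state. The function begins and ends outside the hunk.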
> @@ -2372,11 +2386,10 @@ static int probe_file(WriterContext *wctx, const char *filename)
>      if (ret < 0)
>          return ret;

>  
> -#define CHECK_END if (ret < 0) goto end
> -
> -    nb_streams_frames  = av_calloc(fmt_ctx->nb_streams, sizeof(*nb_streams_frames));
> -    nb_streams_packets = av_calloc(fmt_ctx->nb_streams, sizeof(*nb_streams_packets));
> -    selected_streams   = av_calloc(fmt_ctx->nb_streams, sizeof(*selected_streams));
> +    nb_streams = fmt_ctx->nb_streams;
> +    REALLOCZ_ARRAY_STREAM(nb_streams_frames,0,fmt_ctx->nb_streams);
> +    REALLOCZ_ARRAY_STREAM(nb_streams_packets,0,fmt_ctx->nb_streams);
> +    REALLOCZ_ARRAY_STREAM(selected_streams,0,fmt_ctx->nb_streams);

What's the point of this hunk?
-- 
FFmpeg = Faithful and Freak Mastering Purposeless Elaborated Geisha

