[FFmpeg-devel] [PATCH] mov: fix decode of fragments that overlap in time
John Stebbins
stebbins at jetheaddev.com
Wed Oct 11 04:10:47 EEST 2017
On 10/10/2017 09:57 AM, Michael Niedermayer wrote:
> On Mon, Oct 09, 2017 at 01:09:11PM -0700, John Stebbins wrote:
>> When keyframe intervals of dash segments are not perfectly aligned,
>> fragments in the stream can overlap in time. The previous sorting by
>> timestamp causes packets to be read out of decode order and results
>> in decode errors.
>>
>> Insert new "trun" index entries into index_entries in the order that
>> the trun are referenced by the sidx.
>> ---
>> libavformat/isom.h | 26 +-
>> libavformat/mov.c | 678 ++++++++++++++++++++++++++++++++++++-----------------
>> 2 files changed, 479 insertions(+), 225 deletions(-)
> This seems to have a bug with
> ./ffprobe -v 99 ~/tickets/2757/MAV_0034.3G2
>
> file should be there:
> https://trac.ffmpeg.org/attachment/ticket/2757/MAV_0034.3G2
>
> which eventually crashes
> the first anomaly may be:
> ==27682== Conditional jump or move depends on uninitialised value(s)
> ==27682== at 0x6A4819: mov_read_packet (in ffmpeg/ffprobe_g)
> ==27682== by 0x74C441: ff_read_packet (in ffmpeg/ffprobe_g)
> ==27682== by 0x74F7B0: read_frame_internal (in ffmpeg/ffprobe_g)
> ==27682== by 0x753E0B: avformat_find_stream_info (in ffmpeg/ffprobe_g)
> ==27682== by 0x4ABC07: main (in ffmpeg/ffprobe_g)
>
> but the final abort does not occur under valgrind
> under gdb this happens:
> #0 0x00007fffed66ac37 in raise () from /lib/x86_64-linux-gnu/libc.so.6
> #1 0x00007fffed66e028 in abort () from /lib/x86_64-linux-gnu/libc.so.6
> #2 0x00007fffed6a72a4 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #3 0x00007fffed6b382e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
> #4 0x000000000075351f in ff_rfps_calculate ()
> #5 0x000000000069d509 in mov_read_header ()
> #6 0x00000000007576c6 in avformat_open_input ()
> #7 0x00000000004abb93 in main ()
>
> this also doesn't occur when built with full debug symbols with line numbers
>
>
Thanks. I didn't realloc ctts_data properly in mov_read_trun. I incorrectly assumed ctts_count always ==
nb_index_entries. Fixed.
--
John GnuPG fingerprint: D0EC B3DB C372 D1F1 0B01 83F0 49F1 D7B2 60D4 D0F7
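
The bug class named in the reply above (sizing one per-sample array from another array's count) can be avoided as in this added example, which is not FFmpeg's code and not part of the original message. `Track`, `grow` and `track_insert` are hypothetical names; each table is bounds-checked and reallocated from its own count.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not FFmpeg's structures: two parallel per-sample
 * tables, each with its own element count and allocated capacity. */
typedef struct { int64_t pos, ts; } Entry;
typedef struct { int count, duration; } Ctts;
typedef struct {
    Entry *entries; size_t nb_entries, entries_cap;
    Ctts  *ctts;    size_t ctts_count, ctts_cap;
} Track;

/* Return a buffer holding at least `need` elements, or NULL on failure
 * (the old buffer stays valid). Capacity doubles with overflow checks. */
static void *grow(void *buf, size_t *cap, size_t need, size_t elem)
{
    size_t ncap = *cap ? *cap : 8;
    if (need <= *cap) return buf;
    while (ncap < need) {
        if (ncap > SIZE_MAX / 2) return NULL;
        ncap *= 2;
    }
    if (ncap > SIZE_MAX / elem) return NULL;
    void *p = realloc(buf, ncap * elem);
    if (p) *cap = ncap;
    return p;
}

/* Insert one sample at index `at` in both tables. Each table is bounds-checked
 * and grown from its own count, never from the other table's. */
int track_insert(Track *t, size_t at, Entry e, Ctts c)
{
    if (at > t->nb_entries || at > t->ctts_count) return -1;
    Entry *ne = grow(t->entries, &t->entries_cap, t->nb_entries + 1, sizeof *ne);
    if (!ne) return -1;
    t->entries = ne;
    Ctts *nc = grow(t->ctts, &t->ctts_cap, t->ctts_count + 1, sizeof *nc);
    if (!nc) return -1;
    t->ctts = nc;
    memmove(ne + at + 1, ne + at, (t->nb_entries - at) * sizeof *ne);
    memmove(nc + at + 1, nc + at, (t->ctts_count - at) * sizeof *nc);
    ne[at] = e; t->nb_entries++;
    nc[at] = c; t->ctts_count++;
    return 0;
}
```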