[FFmpeg-devel] [PATCH 11/12] avformat/nutenc: Don't segfault when chapters are added during muxing

Thu May 7 18:15:14 EEST 2020

On Tue, May 05, 2020 at 04:16:56PM +0200, Andreas Rheinhardt wrote:
> When writing the header, the NUT muxer allocates an array with as many
> entries as there are chapters containing information about the used
> timebase. This information is used when writing the headers and also
> when resending the headers (as the NUT muxer does from time to time).
> 
> When the NUT muxer writes or resends the headers, it simply presumes
> that there are enough entries in its array for each chapter in the
> AVFormatContext. Yet users are allowed to add chapters during the muxing
> process, so this presumption is wrong and may lead to segfaults.
> 
> So explicitly store the number of entries of the chapter array and refer
> to this number whenever headers are written.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> ---
> This patch presumes that the user may not change or remove the chapters
> available during writing the header (if there were chapters available
> when writing the header at all). I hope this is ok.
> 
>  libavformat/nut.h    | 1 +
>  libavformat/nutenc.c | 3 ++-
>  2 files changed, 3 insertions(+), 1 deletion(-)

how do i apply this (for testing) ?
on its own it fails and it seems the previous patchset doesnt like applying
anymore either 

> 
> diff --git a/libavformat/nut.h b/libavformat/nut.h
> index a4409ee23d..52225fed93 100644
> --- a/libavformat/nut.h
> +++ b/libavformat/nut.h
> @@ -115,6 +115,7 @@ typedef struct NUTContext {
>      int flags;
>      int version; // version currently in use
>      int minor_version;
> +    unsigned nb_chapters;
>  } NUTContext;
>  
>  extern const AVCodecTag ff_nut_subtitle_tags[];
> diff --git a/libavformat/nutenc.c b/libavformat/nutenc.c
> index 5071278835..2d35c44b79 100644
> --- a/libavformat/nutenc.c
> +++ b/libavformat/nutenc.c
> @@ -675,7 +675,7 @@ static int write_headers(AVFormatContext *avctx, AVIOContext *bc)
>              goto fail;
>      }
>  
> -    for (i = 0; i < nut->avf->nb_chapters; i++) {
> +    for (i = 0; i < nut->nb_chapters; i++) {
>          write_chapter(nut, dyn_bc, i, prelude, &prelude_size);

also if i read this correctly, this would not write all chapters.
That seems not ideal

Thanks

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The real ebay dictionary, page 2
"100% positive feedback" - "All either got their money back or didnt complain"
"Best seller ever, very honest" - "Seller refunded buyer after failed scam"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200507/28200c04/attachment.sig>