[FFmpeg-devel] fftools/ffmpeg_optc AVDictionary **opts, If memory allocation fails,

Fri Dec 3 11:33:57 EET 2021

Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL.
This situation is compatible in avformat_find_stream_info(). 
Before av_dict_free(), the necessary checks were ignored.

// in fftools/ffmpeg_opt.c:1266
1067 static int open_input_file(OptionsContext *o, const char *filename)
1068 {
      ...
1191         AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts);
      ...
1196         ret = avformat_find_stream_info(ic, opts);
1197 
1198         for (i = 0; i < orig_nb_streams; i++)
1199             av_dict_free(&opts[i]);
      ...
1342 }
```
```c
// in libavutil/dict.c:203
203 void av_dict_free(AVDictionary **pm)
204 {
205     AVDictionary *m = *pm;
      ...
215 }

coredump backtrace info:
==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0)
==6235==The signal is caused by a READ memory access.
==6235==Hint: address points to the zero page.
    #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23
    #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13
    #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15
    #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11
    #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11
    #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d)

Reported-by: TOTE Robot <oslab at tsinghua.edu.cn>
Signed-off-by: Yu Yang <young_chelsea at 163.com>
---
 fftools/ffmpeg_opt.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c
index a27263b879..a9fc54d948 100644
--- a/fftools/ffmpeg_opt.c
+++ b/fftools/ffmpeg_opt.c
@@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename)
         /* If not enough info to get the stream parameters, we decode the
            first frames to get it. (used in mpeg case for example) */
         ret = avformat_find_stream_info(ic, opts);
-
-        for (i = 0; i < orig_nb_streams; i++)
-            av_dict_free(&opts[i]);
-        av_freep(&opts);
+        if (opts){
+            for (i = 0; i < orig_nb_streams; i++)
+                av_dict_free(&opts[i]);
+            av_freep(&opts);
+        }
 
         if (ret < 0) {
             av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename);
-- 
2.33.1

