[FFmpeg-devel] fftools/ffmpeg_optc AVDictionary **opts, If memory allocation fails,
Yy
young_chelsea at 163.com
Tue Dec 7 08:12:09 EET 2021
> 2021年12月7日 上午1:48,Andreas Rheinhardt <andreas.rheinhardt at outlook.com> 写道:
>
> Yy:
>>
>>
>>> 2021年12月3日 下午8:06,Yy <young_chelsea at 163.com> 写道:
>>>
>>>
>>>
>>>> 2021年12月3日 下午5:42,Andreas Rheinhardt <andreas.rheinhardt at outlook.com <mailto:andreas.rheinhardt at outlook.com>> 写道:
>>>>
>>>> Yu Yang:
>>>>> Opts is assigned by setup_find_stream_info_opts(). Opts may be NULL.
>>>>> This situation is compatible in avformat_find_stream_info().
>>>>> Before av_dict_free(), the necessary checks were ignored.
>>>>>
>>>>> // in fftools/ffmpeg_opt.c:1266
>>>>> 1067 static int open_input_file(OptionsContext *o, const char *filename)
>>>>> 1068 {
>>>>> ...
>>>>> 1191 AVDictionary **opts = setup_find_stream_info_opts(ic, o->g->codec_opts);
>>>>> ...
>>>>> 1196 ret = avformat_find_stream_info(ic, opts);
>>>>> 1197
>>>>> 1198 for (i = 0; i < orig_nb_streams; i++)
>>>>> 1199 av_dict_free(&opts[i]);
>>>>> ...
>>>>> 1342 }
>>>>> ```
>>>>> ```c
>>>>> // in libavutil/dict.c:203
>>>>> 203 void av_dict_free(AVDictionary **pm)
>>>>> 204 {
>>>>> 205 AVDictionary *m = *pm;
>>>>> ...
>>>>> 215 }
>>>>>
>>>>> coredump backtrace info:
>>>>> ==6235==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000006ba9c2f bp 0x7ffc3d5baa30 sp 0x7ffc3d5ba9a0 T0)
>>>>> ==6235==The signal is caused by a READ memory access.
>>>>> ==6235==Hint: address points to the zero page.
>>>>> #0 0x6ba9c2f in av_dict_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavutil/dict.c:205:23
>>>>> #1 0x4ce5ac in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1199:13
>>>>> #2 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15
>>>>> #3 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11
>>>>> #4 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11
>>>>> #5 0x7fe35197f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
>>>>> #6 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d)
>>>>>
>>>>> Reported-by: TOTE Robot <oslab at tsinghua.edu.cn>
>>>>> Signed-off-by: Yu Yang <young_chelsea at 163.com>
>>>>> ---
>>>>> fftools/ffmpeg_opt.c | 9 +++++----
>>>>> 1 file changed, 5 insertions(+), 4 deletions(-)
>>>>>
>>>>> diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c
>>>>> index a27263b879..a9fc54d948 100644
>>>>> --- a/fftools/ffmpeg_opt.c
>>>>> +++ b/fftools/ffmpeg_opt.c
>>>>> @@ -1197,10 +1197,11 @@ static int open_input_file(OptionsContext *o, const char *filename)
>>>>> /* If not enough info to get the stream parameters, we decode the
>>>>> first frames to get it. (used in mpeg case for example) */
>>>>> ret = avformat_find_stream_info(ic, opts);
>>>>> -
>>>>> - for (i = 0; i < orig_nb_streams; i++)
>>>>> - av_dict_free(&opts[i]);
>>>>> - av_freep(&opts);
>>>>> + if (opts){
>>>>> + for (i = 0; i < orig_nb_streams; i++)
>>>>> + av_dict_free(&opts[i]);
>>>>> + av_freep(&opts);
>>>>> + }
>>>>>
>>>>> if (ret < 0) {
>>>>> av_log(NULL, AV_LOG_FATAL, "%s: could not find codec parameters\n", filename);
>>>>>
>>>>
>>>> You should instead check setup_find_stream_info_opts() (either only call
>>>> it if orig_nb_streams is > 0 or modify it to return an error code given
>>>> that it can currently return NULL even on nonerror).
>>> Thanks for your advice, i will try to fix it again.
>>>> - Andreas
>> Hi, I try to fix this problem lastday and it not work. Today, I refer to your suggestion
>> above to modify. But I think may be you misunderstood this bug. Because of no alloc memory for stream opts, ‘&opts[I]’ free caused crash. And if orig_nb_streams == 0,
>> crash won’t happen. So I think it is unnecessary to fix it call setup_find_stream_info_opts()
>> If orig_nb_streams is > 0. Opts == NULL when orig_nb_streams == 0 or no alloc memory.
>> I don’t think it is error. Because avformat_find_stream_info() allow opts == NULL.
>> But we need to check if opts == NULL before releasing. May be this fix is right?
>> How do you think?
>> Thx.
>> -Yu Yang
>
> We don't need to check for opts == NULL before releasing if we actually
> checked that this array has been properly allocated in case it needs to
> be allocated; in case it could not be allocated, we should not call
> avformat_find_stream_info() at all.
I got it now. You mean it is redundant to check opts twice. It should
return error when it could not be allocated at first time. I will resubmit a
new patch today.
Thanks for your answer. : )
>
> - Andreas
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list