[FFmpeg-devel] & vs. &&

Benoit Fouet benoit.fouet
Tue Oct 13 13:54:42 CEST 2009


On 2009-10-13 09:50, Reimar D?ffinger wrote:
> On Tue, Oct 13, 2009 at 08:33:36AM +0200, Benoit Fouet wrote:
>> On 2009-10-12 18:52, Reimar D?ffinger wrote:
>>> On Mon, Oct 12, 2009 at 06:41:20PM +0200, Benoit Fouet wrote:
>>>>> So, I have a patch now:
>>>>> Index: libavformat/aviobuf.c
>>>>> ===================================================================
>>>>> --- libavformat/aviobuf.c       (revision 20209)
>>>>> +++ libavformat/aviobuf.c       (working copy)
>>>>> @@ -590,7 +590,7 @@ int url_setbufsize(ByteIOContext *s, int
>>>>>  int url_resetbuf(ByteIOContext *s, int flags)
>>>>>  {
>>>>>      URLContext *h = s->opaque;
>>>>> -    if ((flags & URL_RDWR) || (h && h->flags != flags && !h->flags &
>>>>> URL_RDWR))
>>>>> +    if ((flags & URL_RDWR) || (h && h->flags != flags && !(h->flags &
>>>>> URL_RDWR)))
>>>>>          return AVERROR(EINVAL);
>>>>>
>>>>>      if (flags & URL_WRONLY) {
>>>>>
>>>>>
>>>>> This is crashing the following command line on my machine (triggered by
>>>>> make test), can anybody reproduce ?
>>>>>
>>>>> $ gdb --args ./ffmpeg_g -v 0 -y -flags +bitexact -dct fastint -idct
>>>>> simple -sws_flags +accurate_rnd+bitexact -t 1 -qscale 10 -f image2
>>>>> -vcodec pgmyuv -i ./tests/vsynth1/%02d.pgm -f s16le -i
>>>>> ././tests/data/asynth1.sw -acodec mp2
>>>>> ././tests/data/b-lavf.nut                                                                                                                                                        
>>>>>
>>>> The problem seems to be in the handling of buf_end.
>>>> When entering put_buffer() from libavformat/nutenc.c:389, the
>>>> ByteIOContext is as follows:
>>>> {buffer = 0xa465324 "\003",
>>>>  buffer_size = 1024,
>>>>  buf_ptr = 0xa465324 "\003",
>>>>  buf_end = 0x0,
>>> That is almost certainly due to url_resetbuf failing (and I don't think
>>> there is any use of it that actually checks for failure).
>>> You could try if using
>>> if ((flags & URL_RDWR) || (h && (h->flags & (URL_RDONLY | URL_WRONLY | URL_RDWR)) != flags && !(h->flags & URL_RDWR)))
>>> helps any...
>> it doesn't. url_resetbuf is not even called before the crash (maybe it's
>>  a problem)
> 
> Hm? How can a change to url_resetbuf make a difference if url_resetbuf
> was never called? I think there's something wrong with how you tested...

I don't know what I did yesterday, but I must have been dreaming while
doing it...

Anyway, after some more investigations, the problem seems to be when
url_open_dyn_buf is called.
url_open_dyn_buf_internal is calling init_put_byte with the opaque
parameter set as DynBuffer*, when url_resetbuf is assuming it is an
URLContext. So the test is not relevant when verifying h->flags in the
patch I sent earlier.

So my guess is that url_open_dyn_buf_internal is buggy.
I don't know what to do, but hope that helps knowledgeable people :)

Ben




More information about the ffmpeg-devel mailing list