[FFmpeg-devel] [PATCHv4 4/7] vorbis: append data from tags together

Ben Boeckel mathstuf at gmail.com
Mon Jan 13 04:19:29 CET 2014

On Wed, 20 Nov, 2013 at 17:21:12 GMT, Michael Niedermayer wrote:
>=2E/ffprobe tickets/1833/vorbis_chapter_extension_demo.ogg
> crashes with memory corruption

Sorry for the long delay; been busy and this stuff got lost in the
shuffle. The cause is that ogm_chapter stole a reference if it found a
chapter and tried to free the value if so. This failed since the value
passed in is one-off the actual block header to account for the
separator (and avoid a malloc/memmove if it is needed). Instead of
having it do that, I changed it to copy the data out and never steal the
memory. I looked through the other paths where vt is passed and nothing
else tries to steal it. Responsibility of free'ing the data passed to
ogm_chapter is now always the caller's job (only one instance).

Patch series incoming.

> I think this patchset could benefit from more testing

I ran ffprobe over all the ogg files on my system without a crash (and
tags look sane). The vast majority are from the OGG conversion of my
music library, but I also found files from games (Wesnoth, VVVVVV,
Bastion, PenumbraOverture, and other HumbleBundle games I have
installed) which worked fine.

> including zzuf

I ran:

    zzuf -s 0:255 -r 0.001:0.05 -c ../build/ffprobe vorbis_chapter_extension_demo.ogg

without a crash.


More information about the ffmpeg-devel mailing list