[FFmpeg-devel] [GSoC 2015] Segmentation fault with av_malloc()
Niklesh Lalwani
lalwani1994 at gmail.com
Fri Jul 3 19:47:09 CEST 2015
Hello everyone,
I am working with movtextdec.c to implement support for various Text
Modifier Boxes. I am getting a segmentation fault with m->style_temp =
av_malloc() and I cannot figure out why. I tried to play around with
several things to find out the reason, but in vain. Must be something
pretty straightforward that I am overlooking here.
Diff appended below.
Thanks,
Niklesh
------------------------------------------
diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index a3afd91..bf9fa71 100644
--- a/libavcodec/movtextdec.c
+++ b/libavcodec/movtextdec.c
@@ -26,6 +26,7 @@
#include "libavutil/bprint.h"
#include "libavutil/intreadwrite.h"
#include "libavutil/mem.h"
+ #include <stdio.h>
#define STYLE_FLAG_BOLD (1<<0)
#define STYLE_FLAG_ITALIC (1<<1)
@@ -37,31 +38,150 @@ typedef struct {
uint8_t style_flag;
} StyleBox;
+typedef struct {
+ uint16_t hlit_start;
+ uint16_t hlit_end;
+} HighlightBox;
+
+typedef struct {
+ uint8_t hlit_color[4];
+} HilightcolorBox;
+
+typedef struct {
+ int styl;
+ int hlit;
+ int hclr;
+} Box_flags;
+
+typedef struct {
+ StyleBox **s;
+ StyleBox *style_temp;
+ HighlightBox h;
+ HilightcolorBox c;
+ Box_flags f;
+ uint16_t style_entries;
+ uint64_t tracksize;
+ int size_var;
+} MovTextContext;
+
+struct Box
+{
+ uint32_t type;
+ size_t base_size;
+ int (*decode)(const uint8_t *tsmb, MovTextContext *m, AVPacket *avpkt);
+};
+
+static int decode_hlit(const uint8_t *tsmb, MovTextContext *m, AVPacket
*avpkt)
+{
+ m->f.hlit = 1;
+ m->h.hlit_start = AV_RB16(tsmb);
+ tsmb += 2;
+ m->h.hlit_end = AV_RB16(tsmb);
+ tsmb += 2;
+ return 0;
+}
+
+static int decode_hclr(const uint8_t *tsmb, MovTextContext *m, AVPacket
*avpkt)
+{
+ m->f.hclr = 1;
+ m->c.hlit_color[0] = *tsmb++;
+ m->c.hlit_color[1] = *tsmb++;
+ m->c.hlit_color[2] = *tsmb++;
+ m->c.hlit_color[3] = *tsmb++;
+ return 0;
+}
+
+static int decode_styl(const uint8_t *tsmb, MovTextContext *m, AVPacket
*avpkt)
+{
+ int count_s, i;
+ m->style_entries = AV_RB16(tsmb);
+ tsmb += 2;
+ // A single style record is of length 12 bytes.
+ if (m->tracksize + m->size_var + 2 + m->style_entries * 12 >
avpkt->size)
+ return -1;
+ m->f.styl = 1;
+ for(i = 0; i < m->style_entries; i++) {
+ m->style_temp = av_malloc(sizeof(StyleBox));
+ if (!m->style_temp)
+ goto error;
+ m->style_temp->style_start = AV_RB16(tsmb);
+ tsmb += 2;
+ m->style_temp->style_end = AV_RB16(tsmb);
+ tsmb += 2;
+ // fontID = AV_RB16(tsmb);
+ tsmb += 2;
+ m->style_temp->style_flag = AV_RB8(tsmb);
+ av_dynarray_add(&m->s, &count_s, m->style_temp);
+ if(!m->s)
+ goto error;
+ // fontsize = AV_RB8(tsmb);
+ tsmb += 2;
+ // text-color-rgba
+ tsmb += 4;
+ }
+ return 0;
+
+error:
+ for(i = 0; i < count_s; i++) {
+ av_freep(&m->s[i]);
+ }
+ av_freep(&m->s);
+ if (m->style_temp)
+ av_freep(&m->style_temp);
+ //av_bprint_finalize(&buf, NULL);
+ return AVERROR(ENOMEM);
+}
+
+struct Box box_types[] = {
+ { MKBETAG('s','t','y','l'), 2, decode_styl },
+ { MKBETAG('h','l','i','t'), 4, decode_hlit },
+ { MKBETAG('h','c','l','r'), 4, decode_hclr }
+};
+
+const static size_t box_count = sizeof(box_types) / sizeof(struct Box);
+
static int text_to_ass(AVBPrint *buf, const char *text, const char
*text_end,
- StyleBox **s, int style_entries)
+ MovTextContext *m)
{
int i = 0;
int text_pos = 0;
while (text < text_end) {
- for (i = 0; i < style_entries; i++) {
- if (s[i]->style_flag && text_pos == s[i]->style_end) {
- if (s[i]->style_flag & STYLE_FLAG_BOLD)
- av_bprintf(buf, "{\\b0}");
- if (s[i]->style_flag & STYLE_FLAG_ITALIC)
- av_bprintf(buf, "{\\i0}");
- if (s[i]->style_flag & STYLE_FLAG_UNDERLINE)
- av_bprintf(buf, "{\\u0}");
+ if (m->f.styl) {
+ for (i = 0; i < m->style_entries; i++) {
+ if (m->s[i]->style_flag && text_pos == m->s[i]->style_end)
{
+ if (m->s[i]->style_flag & STYLE_FLAG_BOLD)
+ av_bprintf(buf, "{\\b0}");
+ if (m->s[i]->style_flag & STYLE_FLAG_ITALIC)
+ av_bprintf(buf, "{\\i0}");
+ if (m->s[i]->style_flag & STYLE_FLAG_UNDERLINE)
+ av_bprintf(buf, "{\\u0}");
+ }
+ }
+ for (i = 0; i < m->style_entries; i++) {
+ if (m->s[i]->style_flag && text_pos ==
m->s[i]->style_start) {
+ if (m->s[i]->style_flag & STYLE_FLAG_BOLD)
+ av_bprintf(buf, "{\\b1}");
+ if (m->s[i]->style_flag & STYLE_FLAG_ITALIC)
+ av_bprintf(buf, "{\\i1}");
+ if (m->s[i]->style_flag & STYLE_FLAG_UNDERLINE)
+ av_bprintf(buf, "{\\u1}");
+ }
}
}
-
- for (i = 0; i < style_entries; i++) {
- if (s[i]->style_flag && text_pos == s[i]->style_start) {
- if (s[i]->style_flag & STYLE_FLAG_BOLD)
- av_bprintf(buf, "{\\b1}");
- if (s[i]->style_flag & STYLE_FLAG_ITALIC)
- av_bprintf(buf, "{\\i1}");
- if (s[i]->style_flag & STYLE_FLAG_UNDERLINE)
- av_bprintf(buf, "{\\u1}");
+ if (m->f.hlit) {
+ if (text_pos == m->h.hlit_start) {
+ if (m->f.hclr) {
+ av_bprintf(buf, "{\\2c&H%02x%02x%02x&}",
m->c.hlit_color[2], m->c.hlit_color[1], m->c.hlit_color[0]);
+ } else {
+ av_bprintf(buf, "{\\1c&H000000&}{\\2c&HFFFFFF}");
+ }
+ }
+ if (text_pos == m->h.hlit_end) {
+ if (m->f.hclr) {
+ av_bprintf(buf, "{\\2c&H000000}");
+ } else {
+ av_bprintf(buf, "{\\1c&HFFFFFF&}{\\2c&H000000}");
+ }
}
}
@@ -78,7 +198,6 @@ static int text_to_ass(AVBPrint *buf, const char *text,
const char *text_end,
text++;
text_pos++;
}
-
return 0;
}
@@ -96,17 +215,16 @@ static int mov_text_decode_frame(AVCodecContext *avctx,
void *data, int *got_sub_ptr, AVPacket *avpkt)
{
AVSubtitle *sub = data;
+ MovTextContext *m = avctx->priv_data;
int ret, ts_start, ts_end;
AVBPrint buf;
char *ptr = avpkt->data;
char *end;
//char *ptr_temp;
- int text_length, tsmb_type, style_entries;
- uint64_t tsmb_size, tracksize;
- StyleBox **s = {0, };
- StyleBox *s_temp;
+ int text_length, tsmb_type;
+ uint64_t tsmb_size;
const uint8_t *tsmb;
- int count, i, size_var;
+ int i;
if (!ptr || avpkt->size < 2)
return AVERROR_INVALIDDATA;
@@ -138,73 +256,53 @@ static int mov_text_decode_frame(AVCodecContext
*avctx,
(AVRational){1,100});
tsmb_size = 0;
- tracksize = 2 + text_length;
+ m->tracksize = 2 + text_length;
+ m->style_entries = 0;
+ m->f.styl = 0;
+ m->f.hlit = 0;
+ m->f.hclr = 0;
// Note that the spec recommends lines be no longer than 2048
characters.
av_bprint_init(&buf, 0, AV_BPRINT_SIZE_UNLIMITED);
if (text_length + 2 != avpkt->size) {
- while (tracksize + 8 <= avpkt->size) {
+ while (m->tracksize + 8 <= avpkt->size) {
// A box is a minimum of 8 bytes.
- tsmb = ptr + tracksize - 2;
+ tsmb = ptr + m->tracksize - 2;
tsmb_size = AV_RB32(tsmb);
tsmb += 4;
tsmb_type = AV_RB32(tsmb);
tsmb += 4;
if (tsmb_size == 1) {
- if (tracksize + 16 > avpkt->size)
+ if (m->tracksize + 16 > avpkt->size)
break;
tsmb_size = AV_RB64(tsmb);
tsmb += 8;
- size_var = 18;
+ m->size_var = 16;
} else
- size_var = 10;
- //size_var is equal to 10 or 18 depending on the size of box
+ m->size_var = 8;
+ //size_var is equal to 8 or 16 depending on the size of box
- if (tracksize + tsmb_size > avpkt->size)
+ if (m->tracksize + tsmb_size > avpkt->size)
break;
- if (tsmb_type == MKBETAG('s','t','y','l')) {
- if (tracksize + size_var > avpkt->size)
- break;
- style_entries = AV_RB16(tsmb);
- tsmb += 2;
-
- // A single style record is of length 12 bytes.
- if (tracksize + size_var + style_entries * 12 >
avpkt->size)
- break;
- count = 0;
-
- for(i = 0; i < style_entries; i++) {
- s_temp = av_malloc(sizeof(*s_temp));
- if (!s_temp)
- goto error;
-
- s_temp->style_start = AV_RB16(tsmb);
- tsmb += 2;
- s_temp->style_end = AV_RB16(tsmb);
- tsmb += 2;
- // fontID = AV_RB16(tsmb);
- tsmb += 2;
- s_temp->style_flag = AV_RB8(tsmb);
- av_dynarray_add(&s, &count, s_temp);
- if(!s)
- goto error;
- //fontsize=AV_RB8(tsmb);
- tsmb += 2;
- // text-color-rgba
- tsmb += 4;
+ for (size_t i = 0; i < box_count; i++) {
+ if (tsmb_type == box_types[i].type) {
+ if (m->tracksize + m->size_var +
box_types[i].base_size > avpkt->size)
+ break;
+ box_types[i].decode(tsmb, m, avpkt);
}
- text_to_ass(&buf, ptr, end, s, style_entries);
-
- for(i = 0; i < count; i++) {
- av_freep(&s[i]);
- }
- av_freep(&s);
}
- tracksize = tracksize + tsmb_size;
+ m->tracksize = m->tracksize + tsmb_size;
+ }
+ text_to_ass(&buf, ptr, end, m);
+ if (m->f.styl) {
+ for(i = 0; i < m->style_entries; i++) {
+ av_freep(&m->s[i]);
+ }
+ av_freep(&m->s);
}
} else
- text_to_ass(&buf, ptr, end, NULL, 0);
+ text_to_ass(&buf, ptr, end, m);
ret = ff_ass_add_rect_bprint(sub, &buf, ts_start, ts_end - ts_start);
av_bprint_finalize(&buf, NULL);
@@ -212,16 +310,6 @@ static int mov_text_decode_frame(AVCodecContext *avctx,
return ret;
*got_sub_ptr = sub->num_rects > 0;
return avpkt->size;
-
-error:
- for(i = 0; i < count; i++) {
- av_freep(&s[i]);
- }
- av_freep(&s);
- if (s_temp)
- av_freep(&s_temp);
- av_bprint_finalize(&buf, NULL);
- return AVERROR(ENOMEM);
}
AVCodec ff_movtext_decoder = {
@@ -229,6 +317,7 @@ AVCodec ff_movtext_decoder = {
.long_name = NULL_IF_CONFIG_SMALL("3GPP Timed Text subtitle"),
.type = AVMEDIA_TYPE_SUBTITLE,
.id = AV_CODEC_ID_MOV_TEXT,
+ .priv_data_size = sizeof(MovTextContext),
.init = mov_text_init,
.decode = mov_text_decode_frame,
};
More information about the ffmpeg-devel
mailing list