[FFmpeg-trac] #4957(avformat:new): Crash in libavformat/mux.c when processing a corrupted input stream

FFmpeg trac at avcodec.org
Thu Oct 22 13:52:14 CEST 2015


#4957: Crash in libavformat/mux.c when processing a corrupted input stream
----------------------------------+---------------------------------------
             Reporter:  jsnajdr   |                     Type:  defect
               Status:  new       |                 Priority:  normal
            Component:  avformat  |                  Version:  unspecified
             Keywords:            |               Blocked By:
             Blocking:            |  Reproduced by developer:  0
Analyzed by developer:  0         |
----------------------------------+---------------------------------------
 '''Summary of the bug:'''
 libavformat/mux.c:compute_pkt_fields2 crashes when trying to set
 st->priv_pts->val. priv_pts is a NULL pointer.

 '''How to reproduce:'''
 1. Download this mpg file:
 https://www.dropbox.com/s/k6n6yi6f9ngrgxi/stream.mpg?dl=0
 2. Try to convert it into an HLS playlist+chunks:
 {{{
 % ffmpeg -i stream.mpg -c copy plist.m3u8
 }}}

 The stream.mpg file is an output of mumudvb trying to stream a DVB-T
 broadcast when the signal strength is poor - the streams are likely
 seriously corrupted.

 '''Actual result:'''
 ffmpeg crashes. This is the LLDB output:

 {{{
 * thread #1: tid = 0x5d484, 0x000000010017d47f ffmpeg_g`compute_pkt_fields2(s=<unavailable>, st=0x0000000101d11b00, pkt=0x00007fff5fbfaae0) + 1535 at mux.c:560, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
     frame #0: 0x000000010017d47f ffmpeg_g`compute_pkt_fields2(s=<unavailable>, st=0x0000000101d11b00, pkt=0x00007fff5fbfaae0) + 1535 at mux.c:560
    557              av_ts2str(pkt->pts), av_ts2str(pkt->dts));
    558
    559      st->cur_dts = pkt->dts;
 -> 560      st->priv_pts->val = pkt->dts;
    561
    562      /* update pts */
    563      switch (st->codec->codec_type) {
 }}}

 The st->priv_pts field is NULL. It's initialized in avformat_write_header,
 which probably was never called for the affected stream.

 Possible fix - wrap all st->priv_pts access with a null check?

--
Ticket URL: <https://trac.ffmpeg.org/ticket/4957>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
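
Added example, not part of the ticket and not FFmpeg's code: a small C model of the failure mode reported above, where per-stream state allocated at header time is dereferenced on the packet path, together with the guard the report proposes. All type and function names are hypothetical, and the "stream appears after the header was written" scenario is an assumption that follows the reporter's guess.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the muxer structures named in the ticket. */
typedef struct { int64_t val; } PtsState;
typedef struct { int64_t cur_dts; PtsState *priv_pts; } Stream;
typedef struct { Stream *streams; int nb_streams; } Muxer;

/* Models header writing: allocates priv_pts for the streams that exist now. */
int model_write_header(Muxer *m)
{
    for (int i = 0; i < m->nb_streams; i++) {
        if (m->streams[i].priv_pts)
            continue;
        m->streams[i].priv_pts = calloc(1, sizeof(PtsState));
        if (!m->streams[i].priv_pts)
            return -ENOMEM;
    }
    return 0;
}

/* Models the per-packet timestamp update with the guard the report suggests:
 * a stream that never went through header init is rejected, not dereferenced. */
int model_update_dts(Stream *st, int64_t dts)
{
    if (!st || !st->priv_pts)
        return -EINVAL;
    st->cur_dts = dts;
    st->priv_pts->val = dts;
    return 0;
}

/* Constructed scenario (assumption): stream 0 exists at header time, stream 1
 * is registered afterwards and so never gets its priv_pts allocated. */
int demo(void)
{
    Stream s[2] = { {0, NULL}, {0, NULL} };
    Muxer m = { s, 1 };
    if (model_write_header(&m) < 0)
        return -1;
    m.nb_streams = 2;                          /* late stream, header already written */
    int ok  = model_update_dts(&s[0], 9000);   /* initialised stream: accepted */
    int bad = model_update_dts(&s[1], 9000);   /* uninitialised: error, no crash */
    free(s[0].priv_pts);
    return (ok == 0 && bad == -EINVAL) ? 0 : 1;
}

int main(void) { return demo(); }
```

Returning an error from the packet path keeps the process alive on malformed input; the caller still has to decide whether to drop the packet or abort the mux.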

