[FFmpeg-trac] #7484(avcodec:new): av_packet_ref(): Allocates array on zero src size
FFmpeg
trac at avcodec.org
Wed Oct 10 18:39:33 EEST 2018
#7484: av_packet_ref(): Allocates array on zero src size
------------------------------------+----------------------------------
Reporter: zerodefect | Type: defect
Status: new | Priority: normal
Component: avcodec | Version:
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
------------------------------------+----------------------------------
Discovered a bug in a corner case when exercising some unit tests I had
written. The code involved pertains to the function:
`int av_packet_ref(AVPacket *dst, const AVPacket *src)`.
I'll jump right into the code example:
{{{
#!div style="font-size: 80%"
Code highlighting:
{{{#!cpp
#include <cassert>

extern "C"
{
#include <libavcodec/avcodec.h>
}

int main(int argc, char *argv[])
{
    AVPacket pkt{};
    av_init_packet(&pkt);
    assert(pkt.size == 0); // OK;
    assert(pkt.data == nullptr); // OK

    AVPacket pkt2{};
    av_init_packet(&pkt2);
    assert(pkt2.size == 0); // OK;
    assert(pkt2.data == nullptr); // OK

    assert(0 == av_packet_ref(&pkt2, &pkt)); // OK? Discuss.

    assert(pkt.size == 0); // OK;
    assert(pkt.data == nullptr); // OK
    assert(pkt2.size == 0); // OK;
    assert(pkt2.data == nullptr); // ASSERTS: Woah! Not good!

    return 0;
}
}}}
}}}
So the av_packet_ref(...) func is called with a `Src` and a `Dst` pkt whose
sizes are both 0 and whose data are both NULL, yet after the function is
called the data on the dst is non-NULL.
Code sample built using the following command:
`g++ main.cpp -lavcodec -o test`
Ubuntu 18.04
GCC 8.2
FFmpeg v4.0.2
--
Ticket URL: <https://trac.ffmpeg.org/ticket/7484>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker