Opened 9 years ago
Closed 9 years ago
#4038 closed defect (fixed)
avio_seek gets called with (..., -1, SEEK_SET)
Reported by: | Albert Zeyer | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | undetermined |
Version: | unspecified | Keywords: | |
Cc: | Blocked By: | ||
Blocking: | Reproduced by developer: | no | |
Analyzed by developer: | no |
Description
In libavformat/mp3dec.c
, the bug is in mp3_seek
:
static int check(AVFormatContext *s, int64_t pos) { int64_t ret = avio_seek(s->pb, pos, SEEK_SET); ... } ... static int mp3_seek(...) { ... best_pos = ie->pos; best_score = 999; for(i=0; i<4096; i++) { int64_t pos = ie->pos + (dir > 0 ? i - 1024 : -i); int64_t candidate = -1; int score = 999; for(j=0; j<MIN_VALID; j++) { ret = check(s, pos); ...
I have the case where ie->pos
is small. In that case, negative values can land in pos
and will get passed over to avio_seek
.
Attachments (2)
Change History (6)
comment:1 by , 9 years ago
by , 9 years ago
Attachment: | ffmpeg-seek-bug.cpp added |
---|
comment:2 by , 9 years ago
This is the backtrace:
frame #2: 0x00007fff863ebb1a libsystem_c.dylib`abort + 125 frame #3: 0x00000001064ba8e2 a.out`player_seek(_song=0x00007ff4ca40c2f8, offset=-1, whence=0) + 242 at ffmpeg-seek-bug.cpp:61 frame #4: 0x00000001065305ae libavformat.56.dylib`avio_seek(s=0x00007ff4ca40c580, offset=<unavailable>, whence=<unavailable>) + 622 at aviobuf.c:261 frame #5: 0x0000000106593e6d libavformat.56.dylib`mp3_seek [inlined] check(s=<unavailable>, pos=-1) + 17 at mp3dec.c:395 frame #6: 0x0000000106593e5c libavformat.56.dylib`mp3_seek(s=0x00007ff4ca80c000, stream_index=<unavailable>, timestamp=<unavailable>, flags=<unavailable>) + 732 at mp3dec.c:458 frame #7: 0x000000010660b97c libavformat.56.dylib`av_seek_frame [inlined] seek_frame_internal(s=<unavailable>, stream_index=<unavailable>, timestamp=<unavailable>, flags=1) + 217 at utils.c:2059 frame #8: 0x000000010660b8a3 libavformat.56.dylib`av_seek_frame(s=0x00007ff4ca80c000, stream_index=<unavailable>, timestamp=<unavailable>, flags=1) + 243 at utils.c:2091 frame #9: 0x000000010660bebf libavformat.56.dylib`avformat_seek_file(s=<unavailable>, stream_index=-1, min_ts=0, ts=1000, max_ts=1998, flags=<unavailable>) + 175 at utils.c:2142 frame #10: 0x00000001064b95a1 a.out`Song::seekAbs(this=0x00007ff4ca40c2f8, pos=0.001) + 401 at ffmpeg-seek-bug.cpp:296 frame #11: 0x00000001064b9788 a.out`main(argc=2, argv=0x00007fff597477d8) + 424 at ffmpeg-seek-bug.cpp:330
by , 9 years ago
comment:3 by , 9 years ago
I added the first 10kb of the file which triggers the bug for me. This test.mp3 also triggers the bug.
The code can also be seen online here: https://github.com/albertz/music-player-core/blob/master/tests/ffmpeg-seek-bug.cpp
Compile and run ./a.out test.mp3
.
comment:4 by , 9 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Please provide your case.