Opened 17 months ago

Closed 7 weeks ago

Last modified 7 weeks ago

#7094 closed defect (fixed)

Assertion in AVIO fill_buffer

Reported by: redeemarr Owned by:
Priority: normal Component: avformat
Version: git-master Keywords: avio, abort, crash
Cc: michael Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

It happens sometimes while demuxing mpegts stream using custom IO operations via AVIOContext, assertion fails in function 'fill_buffer' in aviobuf.c:
av_assert0(len >= s->orig_buffer_size);
Seems like something goes wrong when AVIOContext decides to reduce it's internal buffer size.

This issue can be easily reproduced in my case, when AVFormatContext.probesize equals initial buffer size for AVIOContext.
Sample code to reproduce:

int read_handler(void* opaque, uint8_t* dst, int dst_size)
{
        bytes_t* input = (bytes_t*)opaque;
        size_t available = input->size();
        size_t size = available < dst_size ? available : dst_size;
        if (size > 0)
        {
                memcpy(dst, input->data(), size);
                input->erase(input->begin(), input->begin() + size);
        }
        return size > 0 ? size : AVERROR_EOF;
}

void test_avio(char const* path)
{
        std::ifstream ifs(path, std::ios::binary);
        ifs.seekg(0, std::ios::end);
        size_t size = ifs.tellg();
        ifs.seekg(0, std::ios::beg);
        
        std::vector<char> input(size);
        ifs.read(input.data(), input.size());

        AVInputFormat* m_format = av_find_input_format("mpegts");
        AVFormatContext* m_fc = avformat_alloc_context();

        size_t buffer_size = 16 * 1024;
        uint8_t* avio_buffer = (uint8_t*)av_malloc(buffer_size + FF_INPUT_BUFFER_PADDING_SIZE);

        m_fc = avformat_alloc_context();
        m_fc->probesize = buffer_size;
        m_fc->pb = avio_alloc_context(avio_buffer, buffer_size, 0, &input, &read_handler, NULL, NULL);
        m_fc->pb->seekable = 0;
        m_fc->pb->write_flag = 0;

        int err = avformat_open_input(&m_fc, NULL, m_format, NULL);
        
        err = avformat_find_stream_info(m_fc, NULL); // In this case it fails even at this point

        // ...
}

Change History (5)

comment:1 Changed 17 months ago by redeemarr

Unfortunately I could not attach sample TS file since it's size is beyond 2.5MB

comment:2 Changed 17 months ago by cehoyos

Please use a file hoster of your choice and post a download link here.

comment:3 Changed 17 months ago by redeemarr

Original TS file had been lost, so here's new one - http://rgho.st/8rmvywQ6s
It requires buffer_size = 64*4096 to reproduce

comment:4 Changed 2 months ago by michael

  • Cc michael added

Can you check if "[FFmpeg-devel] [PATCH] avformat/aviobuf: Delay buffer downsizing until asserts are met" on the mailing list fixes this or provide a simple testcase like a compilable file or something that doesnt require writing a testcase based of code snippets
thanks

comment:5 Changed 7 weeks ago by mkver

  • Resolution set to fixed
  • Status changed from new to closed

The patch that Michael invited you to test got merged and removed said assertion, so that it's certain that you won't run into it any more. Therefore I am closing this issue as fixed. Should everything work fine for you with this fix, then please confirm it here; if not, open a new ticket for it.

Version 0, edited 7 weeks ago by mkver (next)
Note: See TracTickets for help on using tickets.