possible SIGSEGV in sws_getColorspaceDetails

[jean-tiare LE BIGOT]

I experienced a SIGSEGV in the MLT library happending in the function sws_getColorspaceDetails in libwscale/utils.c:718. While i know the actual source of the bug is not in ffmpeg's sources, it is possible to have the first parameter (SwsContext *c) set to NULL wich causes the crash.

changing line 720 from

if (isYUV(c->dstFormat) || isGray(c->dstFormat)) return -1;

to

if (c==NULL || isYUV(c->dstFormat) || isGray(c->dstFormat)) return -1;

allows playback to continue.

PS: i'm working with the latest ffmpeg sources from git in an (almost) clean environnment

[Carl Eugen Hoyos]

Consider sending or attaching a patch made with git diff libswscale/utils.c

[jean-tiare LE BIGOT]

suggested bug fix

[jean-tiare LE BIGOT]

here is the requested diff.

[Stefano Sabatini]

I'm not sure this is the right fix. Indeed the function is not supposed to be called on a NULL context, a check in the calling code should be done instead.

[Michael Niedermayer]

Can we see the code that calls this with NULL ?
Anyway the patch does no harm so IMHO it should be applied if it helps someone

[Carl Eugen Hoyos]

Patch applied, please post (or point to) the MLT code calling sws_getColorspaceDetails().

[jean-tiare LE BIGOT]

I am currently doing ton's of tests to locate the error source. Since MLT is fully mutithreaded, this is quite tricky :-(

From one of my first tests, i remember that this function was called from the same C file but i was not able to reproduce the backtrace. I did quite a lot of recompilations...

I have still not found out the exact bug location in the MLT code. I am now sure it appears in the kdenlive wrapper of the "qimage" producer, somewhere in the file "mlt-0.7.2/src/modules/qimage/qimage_wrapper.cpp"

still investigating...