Opened 4 years ago

Closed 2 years ago

Last modified 2 years ago

#7094 closed defect (fixed)

Assertion in AVIO fill_buffer

Reported by: alex Owned by:
Priority: normal Component: avformat
Version: git-master Keywords: avio, abort, crash
Cc: Michael Niedermayer Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no


It happens sometimes while demuxing mpegts stream using custom IO operations via AVIOContext, assertion fails in function 'fill_buffer' in aviobuf.c:
av_assert0(len >= s->orig_buffer_size);
Seems like something goes wrong when AVIOContext decides to reduce it's internal buffer size.

This issue can be easily reproduced in my case, when AVFormatContext.probesize equals initial buffer size for AVIOContext.
Sample code to reproduce:

int read_handler(void* opaque, uint8_t* dst, int dst_size)
        bytes_t* input = (bytes_t*)opaque;
        size_t available = input->size();
        size_t size = available < dst_size ? available : dst_size;
        if (size > 0)
                memcpy(dst, input->data(), size);
                input->erase(input->begin(), input->begin() + size);
        return size > 0 ? size : AVERROR_EOF;

void test_avio(char const* path)
        std::ifstream ifs(path, std::ios::binary);
        ifs.seekg(0, std::ios::end);
        size_t size = ifs.tellg();
        ifs.seekg(0, std::ios::beg);
        std::vector<char> input(size);, input.size());

        AVInputFormat* m_format = av_find_input_format("mpegts");
        AVFormatContext* m_fc = avformat_alloc_context();

        size_t buffer_size = 16 * 1024;
        uint8_t* avio_buffer = (uint8_t*)av_malloc(buffer_size + FF_INPUT_BUFFER_PADDING_SIZE);

        m_fc = avformat_alloc_context();
        m_fc->probesize = buffer_size;
        m_fc->pb = avio_alloc_context(avio_buffer, buffer_size, 0, &input, &read_handler, NULL, NULL);
        m_fc->pb->seekable = 0;
        m_fc->pb->write_flag = 0;

        int err = avformat_open_input(&m_fc, NULL, m_format, NULL);
        err = avformat_find_stream_info(m_fc, NULL); // In this case it fails even at this point

        // ...

Change History (5)

comment:1 by alex, 4 years ago

Unfortunately I could not attach sample TS file since it's size is beyond 2.5MB

comment:2 by Carl Eugen Hoyos, 4 years ago

Please use a file hoster of your choice and post a download link here.

comment:3 by alex, 4 years ago

Original TS file had been lost, so here's new one -
It requires buffer_size = 64*4096 to reproduce

comment:4 by Michael Niedermayer, 2 years ago

Cc: Michael Niedermayer added

Can you check if "[FFmpeg-devel] [PATCH] avformat/aviobuf: Delay buffer downsizing until asserts are met" on the mailing list fixes this or provide a simple testcase like a compilable file or something that doesnt require writing a testcase based of code snippets

comment:5 by mkver, 2 years ago

Resolution: fixed
Status: newclosed

The patch that Michael invited you to test got merged as 0334632d5c02720f1829d59cd20c009584b5b163 and removed said assertion, so that it's certain that you won't run into it any more. Therefore I am closing this issue as fixed. Should everything work fine for you with this fix, then please confirm it here; if not, open a new ticket for it.

Last edited 2 years ago by mkver (previous) (diff)
Note: See TracTickets for help on using tickets.