Context Navigation

#8231 closed defect (duplicate)

Segmentation fault in mov_write_udta_sdp at libavformat/movenc.c:3102

Reported by:	Suhwan	Owned by:
Priority:	normal	Component:	undetermined
Version:	git-master	Keywords:
Cc:		Blocked By:
Blocking:		Reproduced by developer:	no
Analyzed by developer:	no

Description

Summary of the bug:
There is a Segmentation fault in mov_write_udta_sdp at libavformat/movenc.c:3102 due to the null pointer access.

Here's GDB log.

Thread 1 "ffmpeg_g" received signal SIGSEGV, Segmentation fault.
mov_write_udta_sdp (pb=<optimized out>, track=<optimized out>) at libavformat/movenc.c:3102
3102	    ff_sdp_write_media(buf, sizeof(buf), ctx->streams[0], track->src_track,
(gdb) bt
#0  mov_write_udta_sdp (pb=<optimized out>, track=<optimized out>) at libavformat/movenc.c:3102
#1  mov_write_trak_tag (mov=<optimized out>, track=<optimized out>, st=<optimized out>, s=<optimized out>, 
    pb=<optimized out>) at libavformat/movenc.c:3193
#2  mov_write_moov_tag (pb=<optimized out>, mov=<optimized out>, s=<optimized out>)
    at libavformat/movenc.c:4013
#3  0x000000000069ec13 in mov_write_trailer (s=<optimized out>) at libavformat/movenc.c:6780
#4  0x00000000006c7bff in av_write_trailer (s=0x2301740) at libavformat/mux.c:1281
#5  0x000000000041d9b0 in transcode () at fftools/ffmpeg.c:4726
#6  0x0000000000419377 in main (argc=<optimized out>, argv=<optimized out>) at fftools/ffmpeg.c:4894
(gdb) list
3097	{
3098	    AVFormatContext *ctx = track->rtp_ctx;
3099	    char buf[1000] = "";
3100	    int len;
3101	
3102	    ff_sdp_write_media(buf, sizeof(buf), ctx->streams[0], track->src_track,
3103	                       NULL, NULL, 0, 0, ctx);
3104	    av_strlcatf(buf, sizeof(buf), "a=control:streamid=%d\r\n", track->track_id);
3105	    len = strlen(buf);
3106	
(gdb) print ctx
$1 = (AVFormatContext *) 0x0

How to reproduce:

% ffmpeg_g -i $PoC -loglevel 0 -map 0 tmp.mov

ffmpeg version N-95291-g5345965b3f Copyright (c) 2000-2019 the FFmpeg developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug

Attachments (1)

PoC_mov.3gp (630.3 KB ) - added by Suhwan 5 years ago.

Download all attachments as: .zip

Change History (3)

by Suhwan, 5 years ago

Attachment:	PoC_mov.3gp added

follow-up: 2 comment:1 by mkver, 5 years ago

Keywords:	SIGSEGV removed
Priority:	important → normal
Resolution:	→ duplicate
Status:	new → closed

Duplicate of #8181 (your own ticket).

in reply to: 1 comment:2 by Suhwan, 5 years ago

Replying to mkver:

Duplicate of #8181 (your own ticket).

sorry, it's my mistake :)

Note: See TracTickets for help on using tickets.

Download in other formats: