Opened 3 years ago
Closed 3 years ago
#9062 closed defect (fixed)
Segmentation Fault in dash demuxer
| Reported by: | c-14 | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avformat |
| Version: | git-master | Keywords: | dash crash |
| Cc: | liuqi05@kuaishou.com | Blocked By: | |
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description (last modified by )
Summary of the bug:
The dash demuxer segfaults when the dash manifest contains a subtitle track without an initialization element in the segmenttemplate.
<AdaptationSet contentType="text" mimeType="application/mp4" segmentAlignment="true" group="1" lang="eng"> <SegmentTemplate duration="8" media="$RepresentationID$/$Number$.m4s" startNumber="0" initialization="$RepresentationID$/init.mp4"/> <Representation id="subtitlesttmleng/subtitles" codecs="stpp" startWithSAP="1" bandwidth="1"/> </AdaptationSet> <AdaptationSet contentType="text" mimeType="text/vtt" segmentAlignment="true" group="1" lang="eng"> <SegmentTemplate duration="8" media="$RepresentationID$/$Number$.m4s" startNumber="0"/> <Representation id="subtitlesvtteng/subtitles" codecs="vtt" startWithSAP="1" bandwidth="1"/> </AdaptationSet>
How to reproduce:
% ffmpeg -i https://<host>/Manifest.mpd ffmpeg version N-100605-g0fff6c039c
#0 is_common_init_section_exist (pls=0x555557b1d820, n_pls=2) at libavformat/dashdec.c:1995
first_init_section = 0x555557b1d840
url = 0x555557b34100 "https://<host>/subtitlesttmleng/subtitles/init.mp4"
url_offset = 0
size = -1
i = 1
#1 0x0000555555a9713d in dash_read_header (s=0x555557ad6580) at libavformat/dashdec.c:2082
c = 0x555557b10e00
rep = 0x555557b33840
program = 0x555557ad6c78
ret = 0
stream_index = 7
i = 2
#2 0x0000555555c16bf6 in avformat_open_input (ps=0x7fffffffd128, filename=0x7fffffffdc22 "https://<host>/Manifest.mpd", fmt=0x0, options=0x555557ad6468)
at libavformat/utils.c:596
s = 0x555557ad6580
i = 1470983424
ret = 0
tmp = 0x555557b10f40
id3v2_extra_meta = 0x0
#3 0x000055555565bcc4 in open_input_file (o=0x7fffffffd230, filename=0x7fffffffdc22 "https://<host>/Manifest.mpd") at fftools/ffmpeg_opt.c:1182
f = 0x5555571a2078 <__sysv_signal@got.plt>
ic = 0x555557ad6580
file_iformat = 0x0
err = 0
i = 21845
ret = 48
timestamp = 140737340987888
unused_opts = 0x0
e = 0x0
video_codec_name = 0x0
audio_codec_name = 0x0
subtitle_codec_name = 0x0
data_codec_name = 0x0
scan_all_pmts_set = 1
The segfault occurs in the 2nd iteration of the loop over the init_sections because the init_section at index 1 of the subtitles array is NULL. From what I can tell, the init_section element should be allocated and initialized in parse_manifest_representation, but it only seems to do so if it can find an initialization element in fragment_templates_tab which doesn't exist for the second subtitle stream in the manifest.
Changing the comparison in is_common_init_section_exist to check if an init_section exists before accessing the children fixes the segfault, but I'm not sure if that's the correct way to handle this or if the missing initialization element should be handled differently.
Change History (7)
comment:1 by , 3 years ago
| Description: | modified (diff) |
|---|---|
| Keywords: | dash crash added |
follow-up: 3 comment:2 by , 3 years ago
can you leave a test url here?
or how should i create one test url with subtitle?
follow-up: 4 comment:3 by , 3 years ago
Replying to cehoyos:
How can I reproduce this issue?
Please provide at least the complete, uncut console output to make this a valid ticket.
./ffmpeg_g -i https://<host>/AccurateManifest.mpd 2000-2021 the FFmpeg developers built with gcc 10.2.0 (Gentoo 10.2.0-r5 p6) configuration: --enable-libxml2 --enable-openssl --disable-doc --disable-optimizations libavutil 56. 63.100 / 56. 63.100 libavcodec 58.115.102 / 58.115.102 libavformat 58. 65.101 / 58. 65.101 libavdevice 58. 11.103 / 58. 11.103 libavfilter 7. 95.100 / 7. 95.100 libswscale 5. 8.100 / 5. 8.100 libswresample 3. 8.100 / 3. 8.100 [1] 8777 segmentation fault ./ffmpeg_g -i
Replying to stevenliu:
can you leave a test url here?
or how should i create one test url with subtitle?
I created a minimal dash manifest at https://dl.c-14.de/t/dash/out.mpd that reproduces the issue
I can't link to the original dash manifest, but that one should be functionally equivalent wrt. this error
comment:4 by , 3 years ago
| Cc: | added |
|---|
Replying to stevenliu:
can you leave a test url here?
or how should i create one test url with subtitle?
I created a minimal dash manifest at https://dl.c-14.de/t/dash/out.mpd that reproduces the issue
I can't link to the original dash manifest, but that one should be functionally equivalent wrt. this error
Check these patchset please:
https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=3039
comment:6 by , 3 years ago
| Priority: | normal → important |
|---|---|
| Status: | new → open |
comment:7 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
fixed by : 756897eff4950ad0c969b891d7c4af5df0406c25
How can I reproduce this issue?
Please provide at least the complete, uncut console output to make this a valid ticket.