Opened 3 years ago
#9722 new defect
SEGFAULT in h264_v4l2m2m decoder (v4l2_context.c)
Reported by: | Vraz | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | avcodec |
Version: | git-master | Keywords: | SEGFAULT v4l2m2m |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | yes |
Analyzed by developer: | yes | | |
Description
If a media player initially calls avcodec_receive_frame() prior to avcodec_send_packet(), the v4l2_m2m decoder will SEGFAULT @ v4l2_context.c:344 due to a missing NULL check in some diagnostic warning code.
How to reproduce:
Easiest repro requires modifying ffplay to call avcodec_receive_frame() prior to avcodec_send_packet().
Add to ffplay.c/decoder_decode_frame:

     static int decoder_decode_frame(Decoder *d, AVFrame *frame, AVSubtitle *sub) {
         int ret = AVERROR(EAGAIN);
    +    if ((d->pkt_serial != d->queue->serial) && (d->avctx->codec_type == AVMEDIA_TYPE_VIDEO))
    +        avcodec_receive_frame(d->avctx, frame);
         for (;;) {

build and then:

    % ffplay -vcodec h264_v4l2m2m <h264-filename>
The bug was introduced by:
https://github.com/FFmpeg/FFmpeg/commit/0b9b7f0b46a80b848b19ebbb624cc7dc06bd33b7
Due to how the v4l2_m2m decoder works, its buffers are not guaranteed to be allocated when dequeue is called. A trivial fix is changing the "if (timeout == 0)" to "if ((timeout == 0) && (ctx->buffers != NULL))" in the patch referenced above.
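The following is an added illustration, not FFmpeg's code: a toy model of the capture context (all names hypothetical) in which sending the first packet is what allocates the buffers, so a receive_frame() issued first reaches the zero-timeout diagnostic with ctx->buffers still NULL. The dequeue_diag() function carries the guard proposed in the ticket and returns what the diagnostic decided instead of crashing.

```c
#include <stdlib.h>
#include <errno.h>

enum buf_status { BUF_AVAILABLE, BUF_IN_DRIVER };
enum diag { DIAG_SKIPPED, DIAG_QUIET, DIAG_WARNED };

typedef struct { enum buf_status status; } ToyBuffer;

typedef struct {
    ToyBuffer *buffers;      /* stays NULL until the first packet is sent */
    int        num_buffers;
} ToyContext;

/* Diagnostic run on a zero-timeout dequeue. The `ctx->buffers != NULL` term is
 * the guard the ticket proposes: without it a receive_frame() issued before
 * any send_packet() walks a NULL array and crashes. Hypothetical model. */
static enum diag dequeue_diag(const ToyContext *ctx, int timeout)
{
    if (!(timeout == 0 && ctx->buffers != NULL))
        return DIAG_SKIPPED;
    for (int i = 0; i < ctx->num_buffers; i++)
        if (ctx->buffers[i].status != BUF_AVAILABLE)
            return DIAG_QUIET;           /* a buffer is still with the driver */
    return DIAG_WARNED;                  /* all returned to userspace: warn */
}

/* In the model, the first packet is what allocates and queues the capture
 * buffers, mirroring the ordering dependency described in the report. */
static int toy_send_packet(ToyContext *ctx, int n)
{
    if (!ctx->buffers) {
        ctx->buffers = calloc((size_t)n, sizeof *ctx->buffers);
        if (!ctx->buffers)
            return -ENOMEM;
        ctx->num_buffers = n;
    }
    for (int i = 0; i < ctx->num_buffers; i++)
        ctx->buffers[i].status = BUF_IN_DRIVER;
    return 0;
}

/* receive_frame() polls with timeout 0 and runs the diagnostic; -EAGAIN means
 * no frame is ready, which is the normal answer before any packet is sent. */
static int toy_receive_frame(ToyContext *ctx, enum diag *d)
{
    *d = dequeue_diag(ctx, 0);
    return -EAGAIN;
}
```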