Opened 2 years ago

#9722 new defect

SEGFAULT in h264_v4l2m2m decoder (v4l2_context.c)

Reported by: Vraz Owned by:
Priority: normal Component: avcodec
Version: git-master Keywords: SEGFAULT v4l2m2m
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: yes

Description

If a media player initially calls avcodec_receive_frame() prior to avcodec_send_packet(), the v42l_m2m decoder will SEGFAULT @ v4l2_context.c:344 due to a missing NULL check in some diagnostic warning code.

How to reproduce:
Easiest repro requires modifying ffplay to call avcodec_receive_frame() prior to avcodec_send_packet().

Add to ffplay.c/decoder_decode_frame:

static int decoder_decode_frame(Decoder *d, AVFrame *frame, AVSubtitle *sub) {
    int ret = AVERROR(EAGAIN);

+   if ((d->pkt_serial != d->queue->serial) && (d->avctx->codec_type == AVMEDIA_TYPE_VIDEO))
+     avcodec_receive_frame(d->avctx, frame);

    for (;;) {

build and then:
% ffplay -vcodec h264_v4l2m2m <h264-filename>

The bug was introduced by:
https://github.com/FFmpeg/FFmpeg/commit/0b9b7f0b46a80b848b19ebbb624cc7dc06bd33b7
Due to how the v42l_m2m decoder works, its buffers are not guaranteed to be allocated when dequeue is called. Trivial fix is changing the "if (timeout == 0)" to "if ((timeout == 0) && (ctx->buffers != NULL))" in the patch referenced above.

Change History (0)

Note: See TracTickets for help on using tickets.