GNOME Bugzilla – Bug 332995
segfault in ffmpeg enc
Last modified: 2006-03-01 15:05:52 UTC
When the input buffer is (much) smaller than the frame size, gstffmpegenc segfaults in gst_ffmpegenc_chain_audio(). The reason is that it allocates the output buffer with the same size as the input buffer. If the input buffer is too small, the output buffer is not large enough for the encoded data. The size of the output buffer should be the frame size, which is the size of the subbuffer. The attached patch fixes this.
Created attachment 60398: Fix segfault
Could you give an example pipeline that generates the segfault?
The pipeline is quite complicated; the simplification is filesrc -> dvddemux -> queue -> dvdlpcmdec -> audioconvert -> ffenc_mp2 -> fakesink. The buffers coming out of dvdlpcmdec have variable size (from 8 bytes to 2008 bytes for my file). When ffmpeg enc is processing a buffer that is too small and the cache has reached the frame size, the output buffer is created with the same size as the input buffer and the codec is called. Because the output buffer is too small, it overflows and the memory after the buffer is overwritten, which causes a segfault later.
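To make the sizing mistake described in the report and in the reply above concrete, here is an added model of the chain function's cache-and-encode loop. It is not code from gstffmpegenc or ffmpeg; the names, the frame size (4608 bytes) and the packet size (576 bytes) are assumptions chosen to resemble an mp2 encoder, and the buffer sequence is constructed to mirror the 8-to-2008-byte buffers dvdlpcmdec produced. The stand-in codec reports how many bytes it would write but only copies what fits, so the model records the overflow instead of reproducing the memory corruption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the output-buffer sizing in gst_ffmpegenc_chain_audio().
 * Nothing here is GStreamer's or ffmpeg's API; the constants are assumptions
 * picked to resemble an mp2 encoder. */
#define FRAME_BYTES  4608  /* assumed: 1152 stereo 16-bit samples per frame */
#define PACKET_BYTES 576   /* assumed: bytes the codec emits for one frame */

struct enc_state {
    uint8_t cache[FRAME_BYTES]; /* input accumulated until one full frame is present */
    size_t  cached;             /* bytes currently in the cache */
    size_t  frames_encoded;     /* codec calls made so far */
    size_t  overflows;          /* codec writes larger than the buffer allocated for them */
};

/* Stand-in for the codec call. Its output size depends on the frame, never on
 * the size of the buffer that happened to complete it. It reports how many
 * bytes it would write but only copies what fits, so this model cannot
 * corrupt memory the way the real overflow did. */
static size_t model_encode(const uint8_t *frame, uint8_t *out, size_t out_cap)
{
    (void)frame;
    memset(out, 0xAB, PACKET_BYTES < out_cap ? PACKET_BYTES : out_cap);
    return PACKET_BYTES;
}

/* The two allocation policies under discussion. */
static size_t alloc_like_input(size_t in_len, size_t frame_bytes)
{
    (void)frame_bytes;
    return in_len;        /* what the buggy code did: output sized like the input */
}

static size_t alloc_like_frame(size_t in_len, size_t frame_bytes)
{
    (void)in_len;
    return frame_bytes;   /* what the patch does: output sized like the frame (subbuffer) */
}

/* Push one incoming buffer through the cache and call the codec whenever a
 * full frame is present. Returns the number of codec calls this buffer caused. */
static size_t chain_audio(struct enc_state *s, const uint8_t *in, size_t in_len,
                          size_t (*alloc_out)(size_t, size_t))
{
    const size_t buf_len = in_len;   /* the size the buggy policy looked at */
    size_t calls = 0;
    while (in_len > 0) {
        size_t take = FRAME_BYTES - s->cached;
        if (take > in_len) take = in_len;
        memcpy(s->cache + s->cached, in, take);
        s->cached += take; in += take; in_len -= take;
        if (s->cached == FRAME_BYTES) {
            size_t out_cap = alloc_out(buf_len, FRAME_BYTES);
            uint8_t out[FRAME_BYTES];          /* stands in for the allocated output buffer */
            size_t written = model_encode(s->cache, out, out_cap);
            if (written > out_cap) s->overflows++;   /* the real code wrote past the end here */
            s->frames_encoded++;
            s->cached = 0;
            calls++;
        }
    }
    return calls;
}

/* Replays a buffer sequence like the one dvdlpcmdec produced in the report
 * (constructed: sizes between 8 and 2008 bytes) under one allocation policy.
 * The 8-byte buffer that completes the first frame is the triggering case. */
static struct enc_state run_stream(size_t (*alloc_out)(size_t, size_t))
{
    static const size_t sizes[] = { 2008, 2008, 584, 8, 2008, 2008, 592, 8 };
    static uint8_t zeros[2008];
    struct enc_state s;
    memset(&s, 0, sizeof s);
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        chain_audio(&s, zeros, sizes[i], alloc_out);
    return s;
}

int main(void)
{
    struct enc_state bad = run_stream(alloc_like_input);
    struct enc_state good = run_stream(alloc_like_frame);
    printf("input-sized output: %zu frames, %zu overflowing writes\n",
           bad.frames_encoded, bad.overflows);
    printf("frame-sized output: %zu frames, %zu overflowing writes\n",
           good.frames_encoded, good.overflows);
    return 0;
}
```

The second frame in the constructed stream is completed by a 592-byte buffer, which happens to be larger than the packet, so the input-sized policy gets away with it there; the overflow only shows up when a small buffer is the one that fills the cache. That is why the bug depended on the variable buffer sizes upstream and why the output size has to be derived from the frame, not from whatever buffer arrived.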
Fixed, thanks a lot.

2006-03-01  Josef Zlomek  <josef dot zlomek at itonis dot tv>

	Reviewed by: Edward Hervey <edward@fluendo.com>

	* ext/ffmpeg/gstffmpegenc.c: (gst_ffmpegenc_chain_audio):
	Fix segmentation fault and memleak.
	Fixes #332995 and #333001