Bug 332995 - segfault in ffmpeg enc
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-libav
Version: git master
OS: Other Linux
Priority/Severity: Normal critical
Target Milestone: 0.10.1
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Depends on:
Blocks:
Reported: 2006-03-01 13:57 UTC by Josef Zlomek
Modified: 2006-03-01 15:05 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Fix segfault (735 bytes, patch)
2006-03-01 13:58 UTC, Josef Zlomek

Description Josef Zlomek 2006-03-01 13:57:50 UTC
When the input buffer is (much) smaller than the frame size, gstffmpegenc segfaults in gst_ffmpegenc_chain_audio(). The reason is that it allocates the output buffer with the same size as the input buffer. If the input buffer is too small, the output buffer is not large enough for the encoded data.
The size of the output buffer should be the frame size, which is the size of the subbuffer.

The attached patch fixes this.
Comment 1 Josef Zlomek 2006-03-01 13:58:38 UTC
Created attachment 60398
Fix segfault
Comment 2 Edward Hervey 2006-03-01 14:05:06 UTC
Could you give an example pipeline that generates the segfault?
Comment 3 Josef Zlomek 2006-03-01 14:33:49 UTC
The pipeline is quite complicated; the simplification is
filesrc -> dvddemux -> queue -> dvdlpcmdec -> audioconvert -> ffenc_mp2 -> fakesink.

The buffers coming out of dvdlpcmdec have variable size (from 8 bytes to 2008 bytes for my file). When ffmpeg enc is processing a buffer with too small a size and the cache has reached the frame size, the output buffer is created with the same size as the input buffer and the codec is called.
Because the output buffer is too small, it overflows and the memory after the buffer is overwritten, which causes a segfault later.
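A constructed C model of the sizing mistake described in this report, added here as an illustration and not the gst-libav code or the attached patch: the names enc_ctx, fake_encode, chain_audio and run_stream are hypothetical, the codec is a stand-in that reports an overflow instead of performing it, and the fix flag selects whether the output buffer is sized from the input buffer (the bug) or from the frame (the fix).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical, simplified model of the chain path the report describes (not
 * the GStreamer source): input is cached until a full frame exists, then an
 * output buffer is allocated and the codec is called. */
typedef struct {
    size_t frame_size;          /* bytes the codec needs per frame */
    uint8_t cache[4096];        /* accumulates input up to frame_size */
    size_t cached;
} enc_ctx;
/* Stand-in codec: a real encoder writes up to frame_size bytes into out; this
 * one refuses (-1) instead of writing past the end, so the bug is visible. */
static int fake_encode(const uint8_t *frame, size_t frame_size,
                       uint8_t *out, size_t out_size) {
    if (out_size < frame_size) return -1;   /* would overflow */
    memcpy(out, frame, frame_size);
    return (int)frame_size;
}
/* One chain call: bytes encoded, 0 while still caching, -1 if outbuf would
 * overflow. fix == 0 reproduces the bug (outbuf sized like the input buffer);
 * fix == 1 sizes it from the frame. Input past the cache is dropped for brevity. */
int chain_audio(enc_ctx *c, const uint8_t *in, size_t in_size, int fix) {
    size_t take = c->frame_size - c->cached;
    if (take > in_size) take = in_size;
    memcpy(c->cache + c->cached, in, take);
    c->cached += take;
    if (c->cached < c->frame_size) return 0;
    size_t out_size = fix ? c->frame_size : in_size;
    uint8_t *out = malloc(out_size);
    if (!out) return -1;
    int n = fake_encode(c->cache, c->frame_size, out, out_size);
    free(out);
    c->cached = 0;
    return n;
}
/* Feed a sequence of input buffer sizes (dvdlpcmdec emits variable sizes).
 * Returns total bytes encoded, or -1 if any call would have overflowed. */
int run_stream(size_t frame_size, const size_t *sizes, size_t n, int fix) {
    enc_ctx c = { .frame_size = frame_size };
    uint8_t in[4096] = {0};                 /* constructed silent input */
    int total = 0;
    for (size_t i = 0; i < n; i++) {
        int r = chain_audio(&c, in, sizes[i], fix);
        if (r < 0) return -1;
        total += r;
    }
    return total;
}
```

With a 16-byte frame, two 8-byte inputs overflow under the buggy sizing but encode one frame with the fix, while a single input at or above the frame size passes either way, which is why only the small dvdlpcmdec buffers trigger the crash.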
Comment 4 Edward Hervey 2006-03-01 15:05:52 UTC
Fixed, thanks a lot.

2006-03-01  Josef Zlomek  <josef dot zlomek at itonis dot tv>

	Reviewed by : Edward Hervey  <edward@fluendo.com>

	* ext/ffmpeg/gstffmpegenc.c: (gst_ffmpegenc_chain_audio):
	Fix segmentation fault and memleak.
	Fixes #332995 and #333001