
Bug#753347: dvbcut: Crash when exporting to MPEG program stream DVD DVBCUT multiplexer



Package: dvbcut
Version: 0.5.4+svn178-7
Severity: important
Tags: patch

Dear Maintainer,
   * What led up to the situation?
- opening a DVB-S transport stream
- setting some start and end marks
- export video with default options (MPEG program stream/DVD DVBCUT
multiplexer)

   * What was the outcome of this action?
- dvbcut crashed

   * What outcome did you expect instead?
- mpeg file gets saved



Call Stack:
Program received signal SIGSEGV, Segmentation fault.
av_buffer_unref (buf=buf@entry=0x7fff1b74c6b0) at
/home/build/libavutil/libav-10.1/libavutil/buffer.c:111
111         b = (*buf)->buffer;
(gdb) bt
#0  av_buffer_unref (buf=buf@entry=0x7fff1b74c6b0) at
/home/build/libavutil/libav-10.1/libavutil/buffer.c:111
#1  0x00007f7aed422f44 in av_free_packet (pkt=pkt@entry=0x7fff1b74c6b0) at
/home/build/libavutil/libav-10.1/libavcodec/avpacket.c:247
#2  0x00007f7aed705e40 in avcodec_encode_video2 (avctx=0xfbdea0,
avpkt=0x7fff1b74c6b0, frame=0x149c740, got_packet_ptr=0x7fff1b74c67c) at
/home/build/libavutil/libav-10.1/libavcodec/utils.c:1331
#3  0x000000000043c00e in mpgfile::recodevideo (this=this@entry=0xf6a510,
mux=..., start=5638, stop=stop@entry=5640, offset=offset@entry=1384514230,
savedpics=savedpics@entry=1524, savepics=1524, log=0x14360b8) at
mpgfile.cpp:753
#4  0x000000000043d175 in mpgfile::savempg (this=0xf6a510, mux=...,
start=<optimized out>, start@entry=4116, stop=stop@entry=5640, savedpics=1524,
savedpics@entry=0, savepics=1524, log=0x14360b8) at mpgfile.cpp:682
#5  0x0000000000417bc5 in dvbcut::fileExport (this=0xf218b0) at dvbcut.cpp:737
#6  0x00007f7aeabe7a0a in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4



Reason:
In function mpgfile::recodevideo a variable pkt is declared, but the field
pkt.buf is never initialized.
Later, in function av_free_packet, this member is checked for being non-zero
and, in this case, the memory it points to is freed by av_free_packet:

242     void av_free_packet(AVPacket *pkt)
243     {
244         if (pkt) {
245     FF_DISABLE_DEPRECATION_WARNINGS
246             if (pkt->buf)
247                 av_buffer_unref(&pkt->buf);



Patch:
--- dvbcut-0.5.4+svn178.orig/src/mpgfile.cpp
+++ dvbcut-0.5.4+svn178/src/mpgfile.cpp
@@ -731,7 +731,7 @@ void mpgfile::recodevideo(muxer &mux, in
   pts_t startpts=idx[idx.indexnr(start)].getpts();
   while (outpicture<stop)
   {
-    AVPacket pkt;
+    AVPacket pkt = {0};
     u_int8_t *buf=(u_int8_t*)m2v.writeptr();
     int ret, got_output;
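
Review bot: The added `AVPacket pkt = {0};` guarantees that pkt.buf is NULL but leaves pts and dts at 0 rather than libav's AV_NOPTS_VALUE default, and the hunk does not show pkt.data and pkt.size being set before the avcodec_encode_video2 call seen in the backtrace at mpgfile.cpp:753. Suggest calling `av_init_packet(&pkt);` right after the declaration, which clears buf and also sets the timestamp defaults, and then assigning pkt.data and pkt.size explicitly so the packet state does not rest on a bare aggregate initialiser. A one-line comment saying that av_free_packet unrefs a non-NULL pkt.buf would keep the initialisation from being dropped in a later cleanup.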




-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (990, 'testing-updates'), (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dvbcut depends on:
ii  liba52-0.7.4       0.7.4-17
ii  libao4             1.1.0-2
ii  libavcodec55       6:10.1-1
ii  libavformat55      6:10.1-1
ii  libavutil53        6:10.1-1
ii  libc6              2.19-3
ii  libgcc1            1:4.9.0-7
ii  libmad0            0.15.1b-8
ii  libqt4-network     4:4.8.6+dfsg-2
ii  libqt4-qt3support  4:4.8.6+dfsg-2
ii  libqt4-sql         4:4.8.6+dfsg-2
ii  libqt4-xml         4:4.8.6+dfsg-2
ii  libqtcore4         4:4.8.6+dfsg-2
ii  libqtgui4          4:4.8.6+dfsg-2
ii  libstdc++6         4.9.0-7
ii  libswscale2        6:10.1-1

Versions of packages dvbcut recommends:
ii  mplayer2 [mplayer]  2.0-728-g2c378c7-2

dvbcut suggests no packages.

-- no debconf information

