--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: dvbcut: Crash when exporting to MPEG program stream DVD DVBCUT multiplexer
- From: Bernhard Übelacker <bernhardu@vr-web.de>
- Date: Mon, 30 Jun 2014 20:35:33 +0200
- Message-id: <20140630183533.21228.68819.reportbug@localhost>
Package: dvbcut
Version: 0.5.4+svn178-7
Severity: important
Tags: patch
Dear Maintainer,
   * What led up to the situation?
- opening an DVB-S transport stream
- setting some start and end marks
- export video with default options (MPEG program stream/DVD DVBCUT
multiplexer)
   * What was the outcome of this action?
- dvbcut crashed
   * What outcome did you expect instead?
- mpeg file get saved
Call Stack:
Program received signal SIGSEGV, Segmentation fault.
av_buffer_unref (buf=buf@entry=0x7fff1b74c6b0) at
/home/build/libavutil/libav-10.1/libavutil/buffer.c:111
111         b = (*buf)->buffer;
(gdb) bt
#0  av_buffer_unref (buf=buf@entry=0x7fff1b74c6b0) at
/home/build/libavutil/libav-10.1/libavutil/buffer.c:111
#1  0x00007f7aed422f44 in av_free_packet (pkt=pkt@entry=0x7fff1b74c6b0) at
/home/build/libavutil/libav-10.1/libavcodec/avpacket.c:247
#2  0x00007f7aed705e40 in avcodec_encode_video2 (avctx=0xfbdea0,
avpkt=0x7fff1b74c6b0, frame=0x149c740, got_packet_ptr=0x7fff1b74c67c) at
/home/build/libavutil/libav-10.1/libavcodec/utils.c:1331
#3  0x000000000043c00e in mpgfile::recodevideo (this=this@entry=0xf6a510,
mux=..., start=5638, stop=stop@entry=5640, offset=offset@entry=1384514230,
savedpics=savedpics@entry=1524, savepics=1524, log=0x14360b8) at
mpgfile.cpp:753
#4  0x000000000043d175 in mpgfile::savempg (this=0xf6a510, mux=...,
start=<optimized out>, start@entry=4116, stop=stop@entry=5640, savedpics=1524,
savedpics@entry=0, savepics=1524, log=0x14360b8) at mpgfile.cpp:682
#5  0x0000000000417bc5 in dvbcut::fileExport (this=0xf218b0) at dvbcut.cpp:737
#6  0x00007f7aeabe7a0a in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
Reason:
in function mpgfile::recodevideo a variable pkt is declared, but the field
pkt.buf is never initialized.
Later in function av_free_packet this member is checked for being non-zero and
in this case
the memory it points to freed by av_free_packet:
242     void av_free_packet(AVPacket *pkt)
243     {
244         if (pkt) {
245     FF_DISABLE_DEPRECATION_WARNINGS
246             if (pkt->buf)
247                 av_buffer_unref(&pkt->buf);
Patch:
--- dvbcut-0.5.4+svn178.orig/src/mpgfile.cpp
+++ dvbcut-0.5.4+svn178/src/mpgfile.cpp
@@ -731,7 +731,7 @@ void mpgfile::recodevideo(muxer &mux, in
   pts_t startpts=idx[idx.indexnr(start)].getpts();
   while (outpicture<stop)
   {
-    AVPacket pkt;
+    AVPacket pkt = {0};
     u_int8_t *buf=(u_int8_t*)m2v.writeptr();
     int ret, got_output;
-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (990, 'testing-updates'), (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages dvbcut depends on:
ii  liba52-0.7.4       0.7.4-17
ii  libao4             1.1.0-2
ii  libavcodec55       6:10.1-1
ii  libavformat55      6:10.1-1
ii  libavutil53        6:10.1-1
ii  libc6              2.19-3
ii  libgcc1            1:4.9.0-7
ii  libmad0            0.15.1b-8
ii  libqt4-network     4:4.8.6+dfsg-2
ii  libqt4-qt3support  4:4.8.6+dfsg-2
ii  libqt4-sql         4:4.8.6+dfsg-2
ii  libqt4-xml         4:4.8.6+dfsg-2
ii  libqtcore4         4:4.8.6+dfsg-2
ii  libqtgui4          4:4.8.6+dfsg-2
ii  libstdc++6         4.9.0-7
ii  libswscale2        6:10.1-1
Versions of packages dvbcut recommends:
ii  mplayer2 [mplayer]  2.0-728-g2c378c7-2
dvbcut suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: dvbcut
Source-Version: 0.5.4+svn178-8
We believe that the bug you reported is fixed in the latest version of
dvbcut, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 753347@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bernhard Übelacker <bernhardu@vr-web.de> (supplier of updated dvbcut package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 21 Sep 2014 12:16:23 +0200
Source: dvbcut
Binary: dvbcut
Architecture: source amd64
Version: 0.5.4+svn178-8
Distribution: unstable
Urgency: medium
Maintainer: Reinhard Tartler <siretart@debian.org>
Changed-By: Bernhard Übelacker <bernhardu@vr-web.de>
Description:
 dvbcut     - Qt application for cutting parts out of DVB streams
Closes: 715843 741655 753347 753369
Changes:
 dvbcut (0.5.4+svn178-8) unstable; urgency=medium
 .
   * Fix crash on export video (Closes: #753347)
   * Fix crash when calling with malformed parameters (Closes: #715843)
   * Fix playing audio with mplayer2 (Closes: #753369)
   * Try to fix Hurd build by avoiding PATH_MAX
   * Include dpkg-buildflags hinted by lintian
   * Set maintainer to Bernhard Übelacker (Closes: #741655)
Checksums-Sha1:
 69d29f808a742412398b381705a8c5d790e3f70d 1787 dvbcut_0.5.4+svn178-8.dsc
 aa76bca89db861d6ecfddc7a6fc1533a2c7b60eb 67756 dvbcut_0.5.4+svn178-8.debian.tar.xz
 fefc1a2ea15127e4641f44addf0aa09df5989d8a 187452 dvbcut_0.5.4+svn178-8_amd64.deb
Checksums-Sha256:
 a99f4c108be7f36b6eea20c415ed8b28ba4c1ce0846a34e7b7e00d3d35059d6e 1787 dvbcut_0.5.4+svn178-8.dsc
 46366f24da2eff7a8d70df562b8b9f58959b411c06470e7f55a33e11a74d8a59 67756 dvbcut_0.5.4+svn178-8.debian.tar.xz
 63fc9a54e281266ac2ae8ba9c09df5da539fb53b8e8e2e9000198ec2d94341f8 187452 dvbcut_0.5.4+svn178-8_amd64.deb
Files:
 e6c3dcc90a528e02fc5c28386ce1d931 187452 graphics optional dvbcut_0.5.4+svn178-8_amd64.deb
 f5b1e65dac1523fc7619905025e31af4 1787 graphics optional dvbcut_0.5.4+svn178-8.dsc
 b129a57b959972d48c83c1a1d3a3e422 67756 graphics optional dvbcut_0.5.4+svn178-8.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBAgAGBQJULUtNAAoJEIuAbIZKeKRF7igMAI2G8yChlAg5N3og9QY4TCLh
VbGESTnQiV/mbkmxgNFEnT1WokP3r6+IpuMdZGYNGR1y4LciuZlMWoKMiT8gS9qQ
nawYAf/VAhqVdnHX0k0aJO5iy9I4aXt80MT9u72Fp12aM8s8mgWOb/PF+7l/+VbN
R+Z4jD0eqn6/VhszlESEq47Y0HDpfJ/gKD4abXDthIOMNj0GOnw/UCN9LDSora/a
7vsJsxugSdXK5oKUWDIExP/YHueoHxIiQWi4FlhJCNsbZUGX3gxWj8DQ9bj+1vze
ykbpT0k1uDrGyUa6UNCasDSpUfhf/+s50Td1/ckKdkH/RyJJBHexWabEnClzlPS/
/Pit8I+u3e1A0au+7qp71gN1cr1KoqwQfDp+MWmfdUY/LZCNCqaNfEWxa6/rhc3L
suOBBxXF0+ofhay37b00L1NIEuiEPaA8o7bjmjYiY/hkbU90DSamlBvnsiZjEpVg
8GuKNtv3Iphu9uwg18xnd/j8VmD+tFPR2hgCWyzGPw==
=yFFy
-----END PGP SIGNATURE-----
--- End Message ---