[FFmpeg-trac] #4547(avfilter:new): af_aphaser.c: segfault with low values of delay option
FFmpeg
trac at avcodec.org
Sun May 10 22:05:40 CEST 2015
#4547: af_aphaser.c: segfault with low values of delay option
-------------------------------------+-------------------------------------
Reporter: gajjanag                   | Type: defect
Status: new                          | Priority: normal
Component: avfilter                  | Version: unspecified
Keywords: af_aphaser, segfault       | Blocked By:
Blocking:                            | Reproduced by developer: 0
Analyzed by developer: 0             |
-------------------------------------+-------------------------------------
I attempted to apply an -aphaser filter to an aif audio file, with the
invocation:

    % ffmpeg -report -i sample.aif -af aphaser=delay=0.01 test.aif

ffmpeg crashed with a segfault.

Configuration/info about input file:
ffmpeg version 2.6.2 Copyright (c) 2000-2015 the FFmpeg developers
built with gcc 4.9.2 (GCC) 20150304 (prerelease)
configuration: --prefix=/usr --disable-debug --disable-static
--disable-stripping --enable-avisynth --enable-avresample
--enable-fontconfig --enable-gnutls --enable-gpl --enable-libass
--enable-libbluray --enable-libfreetype --enable-libfribidi
--enable-libgsm --enable-libmodplug --enable-libmp3lame
--enable-libopencore_amrnb --enable-libopencore_amrwb
--enable-libopenjpeg --enable-libopus --enable-libpulse
--enable-libschroedinger --enable-libspeex --enable-libssh
--enable-libtheora --enable-libv4l2 --enable-libvorbis --enable-libvpx
--enable-libx264 --enable-libx265 --enable-libxvid
--enable-runtime-cpudetect --enable-shared --enable-swresample
--enable-vdpau --enable-version3 --enable-x11grab
libavutil 54. 20.100 / 54. 20.100
libavcodec 56. 26.100 / 56. 26.100
libavformat 56. 25.101 / 56. 25.101
libavdevice 56. 4.100 / 56. 4.100
libavfilter 5. 11.102 / 5. 11.102
libavresample 2. 1. 0 / 2. 1. 0
libswscale 3. 1.101 / 3. 1.101
libswresample 1. 1.100 / 1. 1.100
libpostproc 53. 3.100 / 53. 3.100
Splitting the commandline.
Reading option '-v' ... matched as option 'v' (set logging level) with
argument '9'.
Reading option '-loglevel' ... matched as option 'loglevel' (set logging
level) with argument '99'.
Reading option '-i' ... matched as input file with argument 'sample.aif'.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option v (set logging level) with argument 9.
Successfully parsed a group of options.
Parsing a group of options: input file sample.aif.
Successfully parsed a group of options.
Opening an input file: sample.aif.
[aiff @ 0x7f70f9ed9860] Format aiff probed with size=2048 and score=100
[aiff @ 0x7f70f9ed9860] Before avformat_find_stream_info() pos: 54 bytes
read:32768 seeks:2
[aiff @ 0x7f70f9ed9860] All info found
[aiff @ 0x7f70f9ed9860] After avformat_find_stream_info() pos: 204854
bytes read:262144 seeks:2 frames:50
Guessed Channel Layout for Input Stream #0.0 : stereo
Input #0, aiff, from 'sample.aif':
Duration: 00:01:00.00, start: 0.000000, bitrate: 1411 kb/s
Stream #0:0, 50, 1/44100: Audio: pcm_s16be, 44100 Hz, 2 channels, s16,
1411 kb/s
Successfully opened the file.
At least one output file must be specified
[AVIOContext @ 0x7f70f9ee1f60] Statistics: 262144 bytes read, 2 seeks

I have identified a possible source of the bug:
Lines 208, 209 of source code:

    p->delay_buffer_length = p->delay * 0.001 * inlink->sample_rate + 0.5;
    p->delay_buffer = av_calloc(p->delay_buffer_length,
                                sizeof(*p->delay_buffer) * inlink->channels);

effectively create a buffer of size zero, with a non-null pointer.
Checks on lines 213, 214:

    if (!p->modulation_buffer || !p->delay_buffer)
        return AVERROR(ENOMEM);

thus get bypassed, even though the filter should not proceed further due
to the zero length buffer.

--
Ticket URL: <https://trac.ffmpeg.org/ticket/4547>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
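
The rounding described in the ticket, worked through as an added example that is not part of the original report or of FFmpeg's code: it reproduces the length arithmetic from the quoted line 208 and shows an init routine that rejects a zero-length delay buffer instead of relying on the pointer check. `delay_to_samples`, `phaser_state` and `phaser_init` are hypothetical names, plain `calloc` stands in for `av_calloc`, and the delay values are constructed; the 44100 Hz stereo input matches the log above.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Same arithmetic as the quoted line 208: delay is in milliseconds and the
 * conversion to int truncates, so anything below 0.5 samples becomes 0. */
static int delay_to_samples(double delay_ms, int sample_rate)
{
    return (int)(delay_ms * 0.001 * sample_rate + 0.5);
}

/* Hypothetical stand-in for the filter's private state. */
struct phaser_state {
    int     delay_buffer_length;
    double *delay_buffer;
};

/* Hypothetical init: validate the computed length before allocating,
 * because a NULL check alone says nothing about a zero-length request. */
static int phaser_init(struct phaser_state *p, double delay_ms,
                       int sample_rate, int channels)
{
    int len = delay_to_samples(delay_ms, sample_rate);

    p->delay_buffer = NULL;
    p->delay_buffer_length = 0;
    if (len <= 0 || channels <= 0)
        return -EINVAL;
    p->delay_buffer = calloc((size_t)len * channels, sizeof(*p->delay_buffer));
    if (!p->delay_buffer)
        return -ENOMEM;
    p->delay_buffer_length = len;
    return 0;
}

int main(void)
{
    const double delays_ms[] = { 0.01, 0.02, 3.0 }; /* constructed inputs */
    struct phaser_state p;

    for (size_t i = 0; i < sizeof(delays_ms) / sizeof(delays_ms[0]); i++) {
        int rc = phaser_init(&p, delays_ms[i], 44100, 2);
        printf("delay=%g ms -> %d samples, init rc=%d\n", delays_ms[i],
               delay_to_samples(delays_ms[i], 44100), rc);
        free(p.delay_buffer);
    }
    return 0;
}
```

At 44100 Hz the reported `delay=0.01` works out to 0.441 samples, which the `+ 0.5` and truncation turn into a length of 0.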