[libav-bugs] [Bug 1036] Null pointer dereference in ff_h264_execute_ref_pic_marking() #2

bugzilla at libav.org bugzilla at libav.org
Mon Apr 17 14:17:41 CEST 2017


https://bugzilla.libav.org/show_bug.cgi?id=1036

lu_zero at gentoo.org <lu_zero at gentoo.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lu_zero at gentoo.org

--- Comment #2 from lu_zero at gentoo.org <lu_zero at gentoo.org> ---
The crash is due to the sps being unset.

#0  ff_h264_execute_ref_pic_marking (h=h@entry=0x33f3200) at /usr/src/libav/libavcodec/h264_refs.c:701
#1  0x00000000009db316 in ff_h264_field_end (h=h@entry=0x33f3200, sl=0x33feaa0, in_setup=in_setup@entry=0) at /usr/src/libav/libavcodec/h264_picture.c:157
#2  0x0000000000636ed2 in h264_decode_frame (avctx=0x33e37e0, data=0x33e4f40, got_frame=0x7ffc22c3630c, avpkt=<optimized out>) at /usr/src/libav/libavcodec/h264dec.c:745
#3  0x00000000005b3d85 in decode_simple_internal (frame=0x33e4f40, avctx=0x33e37e0) at /usr/src/libav/libavcodec/decode.c:335
#4  decode_simple_receive_frame (frame=<optimized out>, avctx=<optimized out>) at /usr/src/libav/libavcodec/decode.c:386
#5  decode_receive_frame_internal (avctx=0x33e37e0, frame=0x33e4f40) at /usr/src/libav/libavcodec/decode.c:404
#6  0x00000000005b40d8 in avcodec_send_packet (avctx=avctx@entry=0x33e37e0, avpkt=avpkt@entry=0x7ffc22c363a0) at /usr/src/libav/libavcodec/decode.c:441
#7  0x0000000000547eb7 in try_decode_frame (st=st@entry=0x33e2fe0, avpkt=avpkt@entry=0x7ffc22c36490, options=0x33e3cc0, s=0x33d2060) at /usr/src/libav/libavformat/utils.c:1950
#8  0x000000000054c0d7 in avformat_find_stream_info (ic=0x33d2060, options=0x33e3cc0) at /usr/src/libav/libavformat/utils.c:2459

It is reset here

#0  0x0000000000633b9f in remove_sps (id=0, s=0x33f99d0) at /usr/src/libav/libavcodec/h264_ps.c:122
#1  ff_h264_decode_seq_parameter_set (gb=gb@entry=0x33e4718, avctx=avctx@entry=0x33e37e0, ps=ps@entry=0x33f99d0) at /usr/src/libav/libavcodec/h264_ps.c:576
#2  0x0000000000636a32 in decode_nal_units (buf_size=39, buf=<optimized out>, h=0x33f3200) at /usr/src/libav/libavcodec/h264dec.c:610
#3  h264_decode_frame (avctx=0x33e37e0, data=0x33e4f40, got_frame=0x7ffc22c3630c, avpkt=<optimized out>) at /usr/src/libav/libavcodec/h264dec.c:726
#4  0x00000000005b3d85 in decode_simple_internal (frame=0x33e4f40, avctx=0x33e37e0) at /usr/src/libav/libavcodec/decode.c:335

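The sequence in the two backtraces, as an added example that is not libav code and not part of the original message: a constructed C model in which re-sending an SPS with the same id unsets the active pointer, and the end-of-picture step checks for that instead of dereferencing it. All names (Decoder, drop_sps, store_sps, finish_picture, replay_after_resend) are hypothetical, and the NULL check is one possible guard, not necessarily the fix libav applied.

```c
/* Constructed model, not libav code; every name here is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#define MAX_SPS 32
typedef struct { int ref_frame_count; } Sps;
typedef struct {
    Sps *sps_list[MAX_SPS]; /* stored parameter sets, indexed by id */
    Sps *active;            /* parameter set the current picture uses */
} Decoder;

/* Drop the stored SPS for id; also unsets `active` if it pointed at it. */
static void drop_sps(Decoder *d, int id)
{
    if (d->active == d->sps_list[id])
        d->active = NULL;
    free(d->sps_list[id]);
    d->sps_list[id] = NULL;
}

/* Parsing a new SPS replaces any stored one with the same id. */
static int store_sps(Decoder *d, int id, int ref_frame_count)
{
    Sps *s;
    if (id < 0 || id >= MAX_SPS || !(s = malloc(sizeof(*s))))
        return -1;
    s->ref_frame_count = ref_frame_count;
    drop_sps(d, id);
    d->sps_list[id] = s;
    return 0;
}

/* End-of-picture work reads the active SPS; refuse when it is unset. */
static int finish_picture(const Decoder *d)
{
    if (!d->active) return -1; /* without this check the next line dereferences NULL */
    return d->active->ref_frame_count;
}

/* Replay: activate SPS 0, receive SPS 0 again, then finish the picture. */
static int replay_after_resend(void)
{
    Decoder d = {0};
    int rc = store_sps(&d, 0, 4);
    d.active = d.sps_list[0];
    if (rc == 0) rc = store_sps(&d, 0, 2); /* same id: active becomes NULL */
    rc = rc < 0 ? -2 : finish_picture(&d);
    drop_sps(&d, 0);
    return rc;
}
int main(void) { printf("finish_picture -> %d\n", replay_after_resend()); return 0; }
```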