[libav-bugs] [Bug 1164] New: a infinite loop in read_frame_internal

bugzilla at libav.org bugzilla at libav.org
Wed Jul 17 09:35:00 CEST 2019


https://bugzilla.libav.org/show_bug.cgi?id=1164

            Bug ID: 1164
           Summary: a infinite loop in read_frame_internal
           Product: Libav
           Version: git HEAD
          Hardware: X86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: ---
         Component: utilities
          Assignee: bugzilla at libav.org
          Reporter: intreuse at gmail.com

Created attachment 747
  --> https://bugzilla.libav.org/attachment.cgi?id=747&action=edit
infinite loop poc

avconv -y -i $poc /dev/null
in libavformat/utils.c 927
if with a craft input, the while loop will not stop.
927     while (!got_packet && !s->internal->parse_queue) {
 928         AVStream *st;
 929         AVPacket cur_pkt;
 930 
 931         /* read next packet */
 932         ret = ff_read_packet(s, &cur_pkt);
 933         if (ret < 0) {
 934             if (ret == AVERROR(EAGAIN))
 935                 return ret;
 936             /* flush the parsers */
 937             for (i = 0; i < s->nb_streams; i++) {
 938                 st = s->streams[i];
 939                 if (st->parser && st->need_parsing)
 940                     parse_packet(s, NULL, st->index);
 941             }
 942             /* all remaining packets are now in parse_queue =>
 943              * really terminate parsing */
 944             break;
 945         }
 946         ret = 0;
 947         st  = s->streams[cur_pkt.stream_index];
 948 
 949         if (cur_pkt.pts != AV_NOPTS_VALUE &&
 950             cur_pkt.dts != AV_NOPTS_VALUE &&
 951             cur_pkt.pts < cur_pkt.dts) {
 952             av_log(s, AV_LOG_WARNING,
 953                    "Invalid timestamps stream=%d, pts=%"PRId64", "
 954                    "dts=%"PRId64", size=%d\n",
 955                    cur_pkt.stream_index, cur_pkt.pts,
 956                    cur_pkt.dts, cur_pkt.size);
 957         }
 958         if (s->debug & FF_FDEBUG_TS)
 959             av_log(s, AV_LOG_DEBUG,
 960                    "ff_read_packet stream=%d, pts=%"PRId64",
dts=%"PRId64", "
 961                    "size=%d, duration=%"PRId64", flags=%d\n",
 962                    cur_pkt.stream_index, cur_pkt.pts, cur_pkt.dts,
 963                    cur_pkt.size, cur_pkt.duration, cur_pkt.flags);
 964 
 965         if (st->need_parsing && !st->parser && !(s->flags &
AVFMT_FLAG_NOPARSE)) {
 966             st->parser = av_parser_init(st->codecpar->codec_id);
 967             if (!st->parser)
 968                 /* no parser available: just output the raw packets */
 969                 st->need_parsing = AVSTREAM_PARSE_NONE;
 970             else if (st->need_parsing == AVSTREAM_PARSE_HEADERS)
 971                 st->parser->flags |= PARSER_FLAG_COMPLETE_FRAMES;
 972             else if (st->need_parsing == AVSTREAM_PARSE_FULL_ONCE)
 973                 st->parser->flags |= PARSER_FLAG_ONCE;
 974         }
 975 
 976         if (!st->need_parsing || !st->parser) {
 977             /* no parsing needed: we just output the packet as is */
 978             *pkt = cur_pkt;
 979             compute_pkt_fields(s, st, NULL, pkt);
 980             if ((s->iformat->flags & AVFMT_GENERIC_INDEX) &&
 981                 (pkt->flags & AV_PKT_FLAG_KEY) && pkt->dts !=
AV_NOPTS_VALUE) {
 982                 ff_reduce_index(s, st->index);
 983                 av_add_index_entry(st, pkt->pos, pkt->dts,
 984                                    0, 0, AVINDEX_KEYFRAME);
 985             }
 986             got_packet = 1;
 987         } else if (st->discard < AVDISCARD_ALL) {
 988             if ((ret = parse_packet(s, &cur_pkt, cur_pkt.stream_index)) <
0)
 989                 return ret;
 990         } else {
 991             /* free packet */
 992             av_packet_unref(&cur_pkt);
 993         }
 994     }

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.libav.org/pipermail/libav-bugs/attachments/20190717/d5981c5f/attachment.html>


More information about the libav-bugs mailing list