Opened 9 years ago
Closed 5 years ago
#2326 closed defect (fixed)
Null dereference in demux_rawdv_fill_buffer
| Reported by: | Javantea | Owned by: | beastd |
|---|---|---|---|
| Priority: | normal | Component: | demuxer |
| Version: | 1.3 | Severity: | normal |
| Keywords: | crash | Cc: | |
| Blocked By: | | Blocking: | |
| Reproduced by developer: | yes | Analyzed by developer: | no |
Description
Summary of the bug:
A null dereference occurs in demux_rawdv_fill_buffer when a certain type of file is played with DISPLAY=.
How to reproduce:
```
DISPLAY= gdb mplayer
(gdb) run x.tgz
MPlayer 1.3.0-5.4.0 (C) 2000-2016 MPlayer Team
Can't open joystick device /dev/input/js0: No such file or directory
Can't init input joystick
Playing x.tgz.
libavformat version 57.71.100 (external)
RAWDV file format detected.
VIDEO: [DVSD] 720x480 24bpp 29.970 fps 0.0 kbps ( 0.0 kbyte/s)
vo: couldn't open the X11 display ()!
Error opening/initializing the selected video_out (-vo) device.
Load subtitles in ./
Program received signal SIGSEGV, Segmentation fault.
demux_rawdv_fill_buffer (demuxer=0x555555aad9d0, ds=<optimized out>) at libmpdemux/demux_rawdv.c:125
125 libmpdemux/demux_rawdv.c: No such file or directory.
(gdb) bt
#0 demux_rawdv_fill_buffer (demuxer=0x555555aad9d0, ds=<optimized out>) at libmpdemux/demux_rawdv.c:125
#1 0x00005555556431f8 in demux_fill_buffer (ds=0x555555aa4750, demux=0x555555aad9d0) at libmpdemux/demuxer.c:649
#2 ds_get_next_pts (ds=0x555555aa4750) at libmpdemux/demuxer.c:958
#3 0x00005555555a1d85 in print_file_properties (filename=<optimized out>, mpctx=0x555555a13000 <mpctx_s>) at mplayer.c:537
#4 main (argc=2, argv=0x7fffffffd428) at mplayer.c:3615
(gdb) list
120 bytes_read=stream_read(demuxer->stream,dp_video->buffer,frames->frame_size);
121 if (bytes_read<frames->frame_size) {
122 free_demux_packet(dp_video);
123 return 0;
124 }
125 dp_video->pts=frames->current_frame/sh_video->fps;
126 dp_video->pos=frames->current_filepos;
127 dp_video->flags=0;
128
129 if (demuxer->audio && demuxer->audio->id>=-1)
(gdb) print sh_video
$1 = (sh_video_t *) 0x0
(gdb) print dp_video
$2 = <optimized out>
(gdb) print frames
$3 = (rawdv_frames_t *) 0x555555aa47f0
```
I wasn't able to find the cause because gdb wouldn't play nicely. There is some strange stuff occurring in that demuxer.
I can't repro it normally, I have to set DISPLAY=
To make a repro, it appears to require a 1MB or so tar.gz file.
For example:
```
DISPLAY= mplayer /usr/portage/distfiles/gperf-3.1.tar.gz
```
If you want to make your own:
```
tar czf bikeim-README.tgz README.md
dd if=/dev/urandom bs=1024 count=1024 >>bikeim-README.tgz
```
If you can't repro let me know and I'll send you the file. I'm happy to help in any way I can.
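The gdb session above shows `sh_video` equal to 0x0 when line 125 evaluates `sh_video->fps`. The sketch below is an added example, not part of the original report and not MPlayer's actual fix: it models that statement with and without a guard, and the struct definitions and the names `demuxer_model_t`, `fill_packet_unchecked` and `fill_packet_checked` are simplified, hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for MPlayer's types (assumed, not the real definitions). */
typedef struct { float fps; } sh_video_t;
typedef struct { int current_frame; long current_filepos; } rawdv_frames_t;
typedef struct { double pts; long pos; int flags; } demux_packet_t;
typedef struct { sh_video_t *sh_video; rawdv_frames_t *frames; } demuxer_model_t;

/* Mirrors lines 125-127 of the listing: sh_video is dereferenced
 * unconditionally. Shown for comparison only; with sh_video == NULL
 * this is the faulting access from the backtrace. */
int fill_packet_unchecked(const demuxer_model_t *d, demux_packet_t *dp)
{
    dp->pts = d->frames->current_frame / d->sh_video->fps;
    dp->pos = d->frames->current_filepos;
    dp->flags = 0;
    return 1;
}

/* Guarded variant: a missing or unusable video header is reported as
 * "no packet" (return 0), the same result the short-read path at
 * lines 121-124 of the listing produces. */
int fill_packet_checked(const demuxer_model_t *d, demux_packet_t *dp)
{
    if (!d || !dp || !d->frames || !d->sh_video || d->sh_video->fps <= 0.0f)
        return 0;
    dp->pts = d->frames->current_frame / d->sh_video->fps;
    dp->pos = d->frames->current_filepos;
    dp->flags = 0;
    return 1;
}

int main(void)
{
    /* Constructed sample state: frame 30 of a 30 fps stream. */
    rawdv_frames_t frames = { 30, 3600000L };
    sh_video_t video = { 30.0f };
    demuxer_model_t with_video = { &video, &frames };
    demuxer_model_t without_video = { NULL, &frames };  /* state seen in gdb */
    demux_packet_t dp = { 0.0, 0L, 0 };

    printf("no sh_video: %d\n", fill_packet_checked(&without_video, &dp));
    printf("sh_video ok: %d pts=%.3f\n",
           fill_packet_checked(&with_video, &dp), dp.pts);
    return 0;
}
```
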
Attachments (1)
Change History (5)
comment:1 by , 9 years ago
comment:2 by , 9 years ago
If you have a small file that triggers the crash you could also attach it to the ticket here.
comment:3 by , 9 years ago
| Reproduced by developer: | set |
|---|---|
| Status: | new → open |
Thank you for providing the sample.
I did not realize I didn't have the MPlayer rawdv demuxer in my build because I was missing libdv development files.
I can reproduce it now, but I couldn't have a closer look yet.

Unfortunately I cannot reproduce.
Is it also happening with newest MPlayer version from SVN?