[MPlayer-dev-eng] SEGV in libmpeg2
Jindrich Makovicka
makovick at kmlinux.fjfi.cvut.cz
Sat Jan 24 13:40:44 CET 2004
Hi,
I just encountered a SIGSEGV while decoding an mpeg2 file due to a null
pointer dereference (mpeg2dec->fbuf[1] is NULL in decode.c:383). The
file together with the description is available in incoming/mpeg2_segv.
The following hack seems to work around it, although I wrote it with
absolutely no knowledge about mpeg2 and it rather compensates for the
consequence of some bug, rather than solving it in the right place.
Index: decode.c
===================================================================
RCS file: /cvsroot/mplayer/main/libmpeg2/decode.c,v
retrieving revision 1.25
diff -u -b -B -r1.25 decode.c
--- decode.c 6 Apr 2003 16:42:15 -0000 1.25
+++ decode.c 24 Jan 2004 10:30:15 -0000
@@ -380,7 +380,7 @@
fbuf->buf[2] = buf[2];
fbuf->id = id;
// HACK! FIXME! At first I frame, copy pointers to prediction
frame too!
- if (mpeg2dec->custom_fbuf && !mpeg2dec->fbuf[1]->buf[0]){
+ if (mpeg2dec->custom_fbuf && mpeg2dec->fbuf[1] &&
!mpeg2dec->fbuf[1]->buf[0]){
mpeg2dec->fbuf[1]->buf[0]=buf[0];
mpeg2dec->fbuf[1]->buf[1]=buf[1];
mpeg2dec->fbuf[1]->buf[2]=buf[2];
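Review bot: The added mpeg2dec->fbuf[1] test in the changed condition makes the first-I-frame pointer copy skip silently when fbuf[1] is NULL, so the prediction frame stays unpopulated and the underlying state problem is hidden rather than reported. The existing "HACK! FIXME!" comment says this copy is needed at the first I frame, so the skipped case deserves at least a comment saying when fbuf[1] can be NULL at this point, and preferably a debug message or an error path instead of a quiet fall-through. The lines just above also dereference fbuf (fbuf->buf[2], fbuf->id) with no check visible in this hunk; it is worth confirming that pointer cannot be NULL for the same input.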
Index: header.c
===================================================================
RCS file: /cvsroot/mplayer/main/libmpeg2/header.c,v
retrieving revision 1.13
diff -u -b -B -r1.13 header.c
--- header.c 3 Aug 2003 12:04:57 -0000 1.13
+++ header.c 24 Jan 2004 10:30:16 -0000
@@ -658,9 +658,15 @@
//mpeg2dec->decoder.convert = NULL;
b_type = (mpeg2dec->decoder.coding_type == B_TYPE);
+ if (mpeg2dec->fbuf[0] && mpeg2dec->fbuf[b_type + 1] &&
mpeg2dec->fbuf[b_type]) {
mpeg2_init_fbuf (&(mpeg2dec->decoder), mpeg2dec->fbuf[0]->buf,
mpeg2dec->fbuf[b_type + 1]->buf,
mpeg2dec->fbuf[b_type]->buf);
+ } else {
+ mpeg2dec->picture->flags |= PIC_FLAG_SKIP;
+ }
+
+
}
mpeg2dec->action = NULL;
return 0;
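Review bot: In the new else branch, PIC_FLAG_SKIP is set on mpeg2dec->picture but the function still runs on to "mpeg2dec->action = NULL; return 0;", so the caller sees success even though mpeg2_init_fbuf was never called and the decoder keeps whatever frame pointers it held before. Please confirm that the skip flag alone stops the slice decoder from using those stale pointers, and add a short comment on the else branch stating which stream condition leaves one of the three fbuf entries NULL. mpeg2dec->picture is dereferenced there without a check, unlike the fbuf entries tested just above it. The two blank lines added after the closing brace can be dropped.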
--
Jindrich Makovicka