I attached a patch rom FFmpeg SVN that fixes this problem for me. The
commit message is:
r19192 | bcoudurier | 2009-06-14 15:34:28 -0700 (Sun, 14 Jun 2009) | 1 line
check if frame size matches old sys and assumes corrupted input, fixes #1192
On Wed, Aug 12, 2009 at 2:40 PM, Dan Dennedy<d...@dennedy.org> wrote:
> On Wed, Aug 12, 2009 at 1:16 PM, Reinhard Tartler<siret...@tauware.de> wrote:
>> Dan Dennedy <d...@dennedy.org> writes:
>>
>>>>>> Thanks. Is someone able to reproduce this bug with ffplay? I've
>>>>>> tried, but didn't manage to create segfaults out of it.
>>>>>
>>>>> No, it did not segfault for me either, but it did become
>>>>> unresponsive.
>>>>
>>>> this is normal behavior. ffplay does not quit automatically at end of
>>>> file, but you can exit it with pressing 'q'.
>>>
>>> No shit. This is not what I was talking about. I resent the
>>> condescending tone you take with someone who actually writes code
>>> against the ffmpeg libs. Try clicking around on the window. Seeking
>>> into the first 3 playable seconds of this 10 minute clip fails.
>>
>> I asked in my mail before if the file was only 3 secs or longer. Okay,
>> playback stops for me after 3 seks as well, which means that I can
>> reproduce it as well. At least, I can now investigate the issue further.
>
> Well, thank you for not flaming back. I have to correct my assertion
> that it is a 10 minute clip - I meant ~10 seconds.
>
>> [...]
>>
>>>> I have no plans to stop tracking the 0.5 release branch, so yes, we'd
>>>> need a patch for the 0.5 release. In fact, the 0.5 release branch *is*
>>>> updated with updates, and there is even a 0.5.1 release in the pipe.
>>>
>>> And do you think you are more qualified to maintain FFmpeg than the
>>> FFmpeg project itself?
>>
>> The 0.5 release branch *is* maintained by the FFmpeg project
>> itself. They provide the 0.5 release as syncronization point for
>> downstreams to share a common code base.
>
> I am going to take another crack at locating the fix, but I am not
> going to make a promise or overly exert myself. If you or anyone else
> intends to look at it further, the easier way to test and induce a
> crash in the debugger is to use the MLT command line player: melt
> dvgrab...dv. After playing through the first 3 seconds, press 'h' to
> seek backwards one frame, and it should crash. If not, play a bit
> longer and then 'h'
>
> --
> +-DRD-+
>
Index: libavcodec/dv.c
===================================================================
--- libavcodec/dv.c (revision 19191)
+++ libavcodec/dv.c (revision 19192)
@@ -1119,7 +1119,7 @@
int buf_size = avpkt->size;
DVVideoContext *s = avctx->priv_data;
- s->sys = dv_frame_profile(buf);
+ s->sys = dv_frame_profile(s->sys, buf, buf_size);
if (!s->sys || buf_size < s->sys->frame_size || dv_init_dynamic_tables(s->sys))
return -1; /* NOTE: we only accept several full frames */
Index: libavcodec/dvdata.h
===================================================================
--- libavcodec/dvdata.h (revision 19191)
+++ libavcodec/dvdata.h (revision 19192)
@@ -698,7 +698,9 @@
*/
#define DV_MAX_BPM 8
-static inline const DVprofile* dv_frame_profile(const uint8_t* frame)
+static inline
+const DVprofile* dv_frame_profile(const DVprofile *sys,
+ const uint8_t* frame, unsigned buf_size)
{
int i;
@@ -715,6 +717,10 @@
if (dsf == dv_profiles[i].dsf && stype == dv_profiles[i].video_stype)
return &dv_profiles[i];
+ /* check if old sys matches and assumes corrupted input */
+ if (sys && buf_size == sys->frame_size)
+ return sys;
+
return NULL;
}
Index: libavformat/dv.c
===================================================================
--- libavformat/dv.c (revision 19191)
+++ libavformat/dv.c (revision 19192)
@@ -322,7 +322,7 @@
uint8_t *ppcm[4] = {0};
if (buf_size < DV_PROFILE_BYTES ||
- !(c->sys = dv_frame_profile(buf)) ||
+ !(c->sys = dv_frame_profile(c->sys, buf, buf_size)) ||
buf_size < c->sys->frame_size) {
return -1; /* Broken frame, or not enough data */
}
@@ -421,7 +421,7 @@
url_fseek(s->pb, -DV_PROFILE_BYTES, SEEK_CUR) < 0)
return AVERROR(EIO);
- c->dv_demux->sys = dv_frame_profile(c->buf);
+ c->dv_demux->sys = dv_frame_profile(c->dv_demux->sys, c->buf, DV_PROFILE_BYTES);
if (!c->dv_demux->sys) {
av_log(s, AV_LOG_ERROR, "Can't determine profile of DV input stream.\n");
return -1;
