zmwangx/rust-ffmpeg

Segmentation fault if no output formats are contained in avformat

anatawa12 opened this issue · 0 comments

Please include as much info as possible to save me (solo maintainer helping for free) some time. A minimal, complete, and reproducible example is a must. Link to a gist if you don't feel like posting all the code inline. At the same time, please leave out unnecessary code so I don't need to wade through a hundred lines to get to the problematic part. Tell me your OS, FFmpeg version, etc. if there's even a slim chance of relevancy.

If I make an avformat binary which contains no output formats, the iterator returned from ffmpeg_next::format::format::list() will cause a segmentation fault.
It looks to be because of this line.
av_oformat_next looks to return null even if the parameter is null if no formats exist.
However, this line seems to assume that the return value of av_oformat_next with a null value is not null. This assumption is not correct.

if ptr.is_null() && !self.output.is_null() {

Steps to reproduce

  • Build FFmpeg with the following options.
    ./configure \
      --prefix="$BUILT" \
      --disable-doc \
      --disable-programs \
      --disable-avdevice \
      --disable-swresample \
      --disable-swscale \
      --disable-postproc \
      --disable-avfilter \
      --disable-network \
      --disable-encoders \
      --disable-decoders \
      --disable-hwaccels \
      --disable-muxers \
      --disable-protocols 
    
    If you can use macOS, you may use my prebuilt binary here: ffmpeg-built-x86_64-apple-darwin.zip
  • Set the FFMPEG_DIR environment variable to the built FFmpeg distribution
  • Extract this project zip file: test-project.zip
  • Run cargo build to build
  • Run ./target/debug/rust-ffmpeg-bug to run compiled binary
  • Now ./target/debug/rust-ffmpeg-bug exits with a segmentation fault at ffmpeg_next::format::format::output::Output::name

Additional Information
lldb log when stopped here:

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x000000010000b479 rust-ffmpeg-bug`ffmpeg_next::format::format::output::Output::name::h6cc82e57f579b11a(self=0x00007ff7bfefef50) at output.rs:31:53
   28
   29  	impl Output {
   30  	    pub fn name(&self) -> &str {
-> 31  	        unsafe { from_utf8_unchecked(CStr::from_ptr((*self.as_ptr()).name).to_bytes()) }
   32  	    }
   33
   34  	    pub fn description(&self) -> &str {
Target 0: (rust-ffmpeg-bug) stopped.

Platform Information
uname: Darwin anatawa12-imac.local 21.1.0 Darwin Kernel Version 21.1.0: Wed Oct 13 17:33:23 PDT 2021; root:xnu-8019.41.5~1/RELEASE_X86_64 x86_64 i386 iMac17,1 Darwin
ffmpeg revision: cc33e73618a981de7fd96385ecb34719de031f1
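
The failure mode reported above, as an added example that is not part of the original issue and is not rust-ffmpeg's code: a constructed registry (`Node`, `next_in`) models the `av_oformat_next` behaviour described in the issue, `walk_buggy` uses the quoted condition, and `walk_fixed` shows one possible correction that treats every null as end of list. All four names are hypothetical.

```rust
use std::ptr;

// Constructed stand-in for a registered format entry (not the real AVOutputFormat).
struct Node { name: &'static str }

// Models the contract described in the issue: null in -> first entry,
// last entry in -> null, and null in -> null when the registry is empty.
fn next_in(list: &[Node], prev: *const Node) -> *const Node {
    if prev.is_null() {
        return list.first().map_or(ptr::null(), |n| n as *const Node);
    }
    let idx = list.iter().position(|n| (n as *const Node) == prev).unwrap() + 1;
    list.get(idx).map_or(ptr::null(), |n| n as *const Node)
}

// Uses the condition quoted in the issue; returns every pointer it would wrap.
fn walk_buggy(list: &[Node]) -> Vec<*const Node> {
    let mut cur: *const Node = ptr::null();
    let mut out: Vec<*const Node> = Vec::new();
    loop {
        let p = next_in(list, cur);
        if p.is_null() && !cur.is_null() { return out; }
        out.push(p); // with an empty registry this hands out a null pointer
        if p.is_null() { return out; } // stop so the demonstration terminates
        cur = p;
    }
}

// Assumed fix: a null return always ends iteration, whatever the cursor was.
fn walk_fixed(list: &[Node]) -> Vec<*const Node> {
    let mut cur: *const Node = ptr::null();
    let mut out: Vec<*const Node> = Vec::new();
    loop {
        let p = next_in(list, cur);
        if p.is_null() { return out; }
        out.push(p);
        cur = p;
    }
}

fn main() {
    let empty: [Node; 0] = []; // constructed: build with --disable-muxers
    let some = [Node { name: "mp4" }, Node { name: "matroska" }]; // constructed
    println!("buggy/empty yields null: {}", walk_buggy(&empty).iter().any(|p| p.is_null()));
    println!("fixed/empty items: {}", walk_fixed(&empty).len());
    for p in walk_fixed(&some) {
        println!("format: {}", unsafe { (*p).name }); // non-null by construction
    }
}
```

A caller that dereferences the null from `walk_buggy` reproduces the `EXC_BAD_ACCESS` at address 0x0 shown in the lldb log.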