-
assigned issue to
Bhavna Hariharan
SEI related crash
Issue #340
closed
I am getting a crash in Encoder::encode. The faulty code is below:
if (inFrame->m_userSEI.numPayloads)
{
inFrame->m_userSEI.payloads = new x265_sei_payload[numPayloads];
for (int i = 0; i < numPayloads; i++)
{
x265_sei_payload input;
if (i == (numPayloads - 1))
input = toneMap;
else
input = pic_in->userSEI.payloads[i];
int size = inFrame->m_userSEI.payloads[i].payloadSize = input.payloadSize;
inFrame->m_userSEI.payloads[i].payloadType = input.payloadType;
inFrame->m_userSEI.payloads[i].payload = new uint8_t[size];
memcpy(inFrame->m_userSEI.payloads[i].payload, input.payload, size);
}
if (toneMap.payload)
x265_free(toneMap.payload);
}
In my case, inFrame->m_userSEI.numPayloads is set to 1, and toneMapEnable is set to 0. So when trying to add payload index 0, the '(i == (numPayloads - 1))' is true so input will be set to toneMap.
toneMap itself seems to be unitialized, and on my machine this triggers 'new uint8_t[size]' to be called with a negative size, and a failure.
Seems like changing this: if (i == (numPayloads - 1)) to this: if ((i == (numPayloads - 1)) & (toneMapEnable == 1)) would fix the issue.
Comments (4)
-
Account Deactivated
-
Please apply this patch and check if it fixes the issue.
https://mailman.videolan.org/pipermail/x265-devel/2017-May/011016.html
-
reporter
Yes this fixes the issue
-
Account Deactivated
- changed status to closed
Resolved with changset 1db72bbc6680
- Log in to comment