Bug 182595 - buffer smaller than AVCODEC_MAX_AUDIO_FRAME_SIZE
Status: RESOLVED FIXED
Product: k3b
Classification: Applications
Component: general
Version: 1.91.0
Platform: unspecified Linux
Importance: NOR normal
Assignee: Sebastian Trueg
Reported: 2009-01-31 16:05 UTC by michel munnix
Modified: 2010-05-24 21:59 UTC

Attachments
test audio file (13.26 KB, application/octet-stream)
2009-01-31 16:06 UTC, michel munnix
plugin configuration (181.24 KB, image/jpeg)
2009-01-31 16:08 UTC, michel munnix
Fix for this bug (3.00 KB, patch)
2010-04-19 01:08 UTC, Jason Bouzane
Updated patch that applies cleanly at head (2.50 KB, patch)
2010-05-23 11:54 UTC, Jason Bouzane
Updated patch in svn diff format (2.90 KB, patch)
2010-05-23 20:05 UTC, Jason Bouzane

Description michel munnix 2009-01-31 16:05:35 UTC
Version:           1.0.5 (using 3.5.10 "release 21.11" , openSUSE )
Compiler:          Target: x86_64-suse-linux
OS:                Linux (x86_64) release 2.6.27.7-9-default

When trying to burn an audio CD from aac files, I am getting many identical messages:
[aac @ 0x1846460]buffer smaller than AVCODEC_MAX_AUDIO_FRAME_SIZE
Then k3b closes without an error message.
Same problem when trying to play the piece with the right-click context menu.

For testing, I created a small file with:
ffmpeg -i /usr/share/ooo3/basis3.0/share/gallery/sounds/curve.wav curve.aac
Comment 1 michel munnix 2009-01-31 16:06:40 UTC
Created attachment 30783
test audio file
Comment 2 michel munnix 2009-01-31 16:08:51 UTC
Created attachment 30784
plugin configuration
Comment 3 Steffen Sobiech 2009-05-10 14:09:42 UTC
I can confirm this one. It also happens on 32bit.
Comment 4 Sebastian Trueg 2009-05-11 09:59:59 UTC
Tried with K3b trunk. Does not crash.
Comment 5 Jason Bouzane 2010-04-19 01:08:53 UTC
Created attachment 42878
Fix for this bug
Comment 6 Jason Bouzane 2010-04-19 01:11:43 UTC
I'm a little disappointed that this was closed without further investigation. The code that is being used here is very obviously broken and the original bug had enough information to figure this out. There are three major bugs in the code.

In fillOutputBuffer, you call avcodec_decode_audio2 but you don't check the return value. If it returns -1, you increase packet size by 1 every time and go into an infinite loop.

You incorrectly set d->outputBufferSize to 0 before calling avcodec_decode_audio2, which is explicitly warned against in the documentation.

You don't 16-byte align the output buffer. This is also explicitly warned against in the documentation and will result in crashes if you are using an sse2 enabled processor and you fix the previous two bugs.

On top of those three, there's no way to return an error from fillOutputBuffer, even though the function can fail.

I've attached a patch that fixes these problems for me.
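The three points raised in comment 6 (check the return value, reset the output size to the buffer capacity before every call, 16-byte align the output buffer), shown as an added example that is not the attached patch or k3b code. `stub_decode`, `decode_all`, `OUT_CAP` and the packet format are hypothetical stand-ins that only mimic the in/out size contract of the decoder call, so the block runs without libavcodec.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define OUT_CAP 192000 /* stand-in for AVCODEC_MAX_AUDIO_FRAME_SIZE; multiple of 16 */

/* Hypothetical stand-in for the decoder call, with the same in/out size
 * contract: *out_size holds the buffer capacity on entry and the bytes
 * written on return; the return value is input bytes consumed, or -1.
 * Constructed packet format: [len][len payload bytes]; len 0xFF is corrupt. */
static int stub_decode(int16_t *out, int *out_size, const uint8_t *in, int in_len)
{
    if (*out_size < OUT_CAP || ((uintptr_t)out & 15))
        return -1; /* "buffer smaller than ..." or misaligned output */
    if (in_len < 1 || in[0] == 0xFF || in[0] + 1 > in_len)
        return -1; /* corrupt or truncated packet */
    memcpy(out, in + 1, in[0]);
    *out_size = in[0];
    return in[0] + 1;
}

/* Decode a whole stream. Returns total output bytes, or -1 on failure,
 * so the caller can see the error instead of spinning on it. */
long decode_all(const uint8_t *in, int in_len)
{
    int16_t *buf = aligned_alloc(16, OUT_CAP); /* 16-byte aligned output */
    long total = 0;
    if (!buf)
        return -1;
    while (in_len > 0) {
        int out_size = OUT_CAP; /* capacity, reset before every call (not 0) */
        int used = stub_decode(buf, &out_size, in, in_len);
        if (used <= 0) { /* error or no progress: stop and report */
            total = -1;
            break;
        }
        in += used;
        in_len -= used;
        total += out_size;
    }
    free(buf);
    return total;
}

int main(void)
{
    const uint8_t good[] = {3, 'a', 'b', 'c', 2, 'd', 'e'}; /* constructed input */
    return decode_all(good, sizeof good) == 5 ? 0 : 1;
}
```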
Comment 7 Jason Bouzane 2010-05-03 11:11:08 UTC
Any update on this? It'd be nice to get this patch submitted against head.
Comment 8 Jason Bouzane 2010-05-18 06:48:21 UTC
Can someone provide an update on this bug? I don't think anything needs to be done besides submitting the attached patch.
Comment 9 Jason Bouzane 2010-05-23 11:54:54 UTC
Created attachment 43817
Updated patch that applies cleanly at head
Comment 10 Jason Bouzane 2010-05-23 20:05:38 UTC
Created attachment 43825
Updated patch in svn diff format
Comment 11 Kim Højgaard-Hansen 2010-05-24 11:35:47 UTC
Changing this to unconfirmed now, since I apparently can't re-open :)

@Jason

Thank you for the extra information and work, we will look into this issue.
Comment 12 Michał Małek 2010-05-24 19:04:51 UTC
Patch applied on revision 1130188. Thanks for the patch and for your patience!
WebSVN link: http://websvn.kde.org/?view=rev&revision=1130188