ijkplayer: convert pointer to string instead of using av_dict_set_int
zhenghanchao committed Feb 7, 2021
1 parent 86e8d33 commit e99d640
Showing 10 changed files with 79 additions and 39 deletions.
13 changes: 11 additions & 2 deletions ijkmedia/ijkplayer/ff_ffplay.c
Expand Up @@ -4144,7 +4144,7 @@ void *ffp_set_ijkio_inject_opaque(FFPlayer *ffp, void *opaque)
ijkio_manager_destroyp(&ffp->ijkio_manager_ctx);
ijkio_manager_create(&ffp->ijkio_manager_ctx, ffp);
ijkio_manager_set_callback(ffp->ijkio_manager_ctx, ijkio_app_func_event);
ffp_set_option_int(ffp, FFP_OPT_CATEGORY_FORMAT, "ijkiomanager", (int64_t)(intptr_t)ffp->ijkio_manager_ctx);
ffp_set_option_intptr(ffp, FFP_OPT_CATEGORY_FORMAT, "ijkiomanager", (uintptr_t)ffp->ijkio_manager_ctx);

return prev_weak_thiz;
}
Expand All @@ -4158,7 +4158,7 @@ void *ffp_set_inject_opaque(FFPlayer *ffp, void *opaque)

av_application_closep(&ffp->app_ctx);
av_application_open(&ffp->app_ctx, ffp);
ffp_set_option_int(ffp, FFP_OPT_CATEGORY_FORMAT, "ijkapplication", (int64_t)(intptr_t)ffp->app_ctx);
ffp_set_option_intptr(ffp, FFP_OPT_CATEGORY_FORMAT, "ijkapplication", (uint64_t)(intptr_t)ffp->app_ctx);

ffp->app_ctx->func_on_app_event = app_func_event;
return prev_weak_thiz;
Expand All @@ -4182,6 +4182,15 @@ void ffp_set_option_int(FFPlayer *ffp, int opt_category, const char *name, int64
av_dict_set_int(dict, name, value, 0);
}

void ffp_set_option_intptr(FFPlayer *ffp, int opt_category, const char *name, uintptr_t value)
{
if (!ffp)
return;

AVDictionary **dict = ffp_get_opt_dict(ffp, opt_category);
av_dict_set_intptr(dict, name, value, 0);
}

void ffp_set_overlay_format(FFPlayer *ffp, int chroma_fourcc)
{
switch (chroma_fourcc) {
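Review bot: The two new call sites cast the context pointer differently: `ffp_set_ijkio_inject_opaque` passes `(uintptr_t)ffp->ijkio_manager_ctx`, while `ffp_set_inject_opaque` passes `(uint64_t)(intptr_t)ffp->app_ctx` into the same `uintptr_t` parameter. The detour through a signed `intptr_t` and a fixed 64-bit type is unnecessary; `(uintptr_t)ffp->app_ctx` states the intent and matches the other call. `ffp_set_option_intptr` would also benefit from a short comment such as `/* Stores a pointer as a textual option; readers must convert it back with av_dict_strtoptr(). */`, since the stored value is later turned back into a pointer and dereferenced. The bodies of both `ffp_set_*_inject_opaque` functions start outside their hunks.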
1 change: 1 addition & 0 deletions ijkmedia/ijkplayer/ff_ffplay.h
Expand Up @@ -51,6 +51,7 @@ void *ffp_set_inject_opaque(FFPlayer *ffp, void *opaque);
void *ffp_set_ijkio_inject_opaque(FFPlayer *ffp, void *opaque);
void ffp_set_option(FFPlayer *ffp, int opt_category, const char *name, const char *value);
void ffp_set_option_int(FFPlayer *ffp, int opt_category, const char *name, int64_t value);
void ffp_set_option_intptr(FFPlayer *ffp, int opt_category, const char *name, uintptr_t value);

int ffp_get_video_codec_info(FFPlayer *ffp, char **codec_info);
int ffp_get_audio_codec_info(FFPlayer *ffp, char **codec_info);
8 changes: 4 additions & 4 deletions ijkmedia/ijkplayer/ijkavformat/ijkasync.c
Expand Up @@ -84,7 +84,7 @@ typedef struct Context {
/* options */
int64_t forwards_capacity;
int64_t backwards_capacity;
int64_t app_ctx_intptr;
char * app_ctx_intptr;
AVApplicationContext *app_ctx;
} Context;

Expand Down Expand Up @@ -308,8 +308,8 @@ static int async_open(URLContext *h, const char *arg, int flags, AVDictionary **
goto fifo_fail;

if (c->app_ctx_intptr) {
c->app_ctx = (AVApplicationContext *)(intptr_t)c->app_ctx_intptr;
av_dict_set_int(options, "ijkapplication", c->app_ctx_intptr, 0);
c->app_ctx = (AVApplicationContext *)av_dict_strtoptr(c->app_ctx_intptr);
av_dict_set_intptr(options, "ijkapplication", (uintptr_t )c->app_ctx, 0);
}
/* wrap interrupt callback */
c->interrupt_callback = h->interrupt_callback;
Expand Down Expand Up @@ -535,7 +535,7 @@ static const AVOption options[] = {
OFFSET(forwards_capacity), AV_OPT_TYPE_INT64, {.i64 = 128 * 1024}, 128 * 1024, 128 * 1024 * 1024, D },
{ "async-backwards-capacity", "max bytes that may be seek backward without seeking in inner protocol",
OFFSET(backwards_capacity), AV_OPT_TYPE_INT64, {.i64 = 128 * 1024}, 128 * 1024, 128 * 1024 * 1024, D },
{ "ijkapplication", "AVApplicationContext", OFFSET(app_ctx_intptr), AV_OPT_TYPE_INT64, { .i64 = 0 }, INT64_MIN, INT64_MAX, .flags = D },
{ "ijkapplication", "AVApplicationContext", OFFSET(app_ctx_intptr), AV_OPT_TYPE_STRING, { .str = 0 }, 0, 0, .flags = D },
{NULL},
};
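Review bot: In `async_open`, a non-NULL option string that `av_dict_strtoptr` cannot parse leaves `c->app_ctx` NULL, and the next line still writes an `ijkapplication` entry built from that null value into `options` for the inner protocol. Forwarding only after a successful parse keeps a malformed value from propagating: `if (c->app_ctx) av_dict_set_intptr(options, "ijkapplication", (uintptr_t)c->app_ctx, 0);`. The implementation of `av_dict_strtoptr` is not on this page, so the null-on-failure behaviour is inferred from its `ijk_` counterpart in ijkdict.c. Whether later code in `async_open` dereferences `c->app_ctx` is not visible in this hunk.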

27 changes: 14 additions & 13 deletions ijkmedia/ijkplayer/ijkavformat/ijkio.c
Expand Up @@ -31,7 +31,7 @@

typedef struct Context {
AVClass *class;
int64_t *io_manager_ctx;
char *io_manager_ctx_intptr;
} Context;

static int ijkio_copy_options(IjkAVDictionary **dst, AVDictionary *src) {
Expand All @@ -51,10 +51,10 @@ static int ijkio_open(URLContext *h, const char *arg, int flags, AVDictionary **
Context *c = h->priv_data;
int ret = -1;

if (!c || !c->io_manager_ctx)
if (!c || !c->io_manager_ctx_intptr)
return -1;

IjkIOManagerContext *manager_ctx = (IjkIOManagerContext *)(c->io_manager_ctx);
IjkIOManagerContext *manager_ctx = (IjkIOManagerContext *)av_dict_strtoptr(c->io_manager_ctx_intptr);
manager_ctx->ijkio_interrupt_callback = (IjkAVIOInterruptCB *)&(h->interrupt_callback);

av_strstart(arg, "ijkio:", &arg);
Expand All @@ -77,40 +77,41 @@ static int ijkio_read(URLContext *h, unsigned char *buf, int size)
{
Context *c = h->priv_data;

if (!c || !c->io_manager_ctx)
if (!c || !c->io_manager_ctx_intptr)
return -1;

((IjkIOManagerContext *)(c->io_manager_ctx))->cur_ffmpeg_ctx = c;
return ijkio_manager_io_read((IjkIOManagerContext *)(c->io_manager_ctx), buf, size);
((IjkIOManagerContext *)(av_dict_strtoptr(c->io_manager_ctx_intptr)))->cur_ffmpeg_ctx = c;
return ijkio_manager_io_read((IjkIOManagerContext *)(av_dict_strtoptr(c->io_manager_ctx_intptr)), buf, size);
}

static int64_t ijkio_seek(URLContext *h, int64_t offset, int whence)
{
Context *c = h->priv_data;

if (!c || !c->io_manager_ctx)
if (!c || !c->io_manager_ctx_intptr)
return -1;

((IjkIOManagerContext *)(c->io_manager_ctx))->cur_ffmpeg_ctx = c;
return ijkio_manager_io_seek((IjkIOManagerContext *)(c->io_manager_ctx), offset, whence);
((IjkIOManagerContext *)(av_dict_strtoptr(c->io_manager_ctx_intptr)))->cur_ffmpeg_ctx = c;
return ijkio_manager_io_seek((IjkIOManagerContext *)(av_dict_strtoptr(c->io_manager_ctx_intptr)), offset, whence);
}

static int ijkio_close(URLContext *h)
{
Context *c = h->priv_data;

if (!c || !c->io_manager_ctx)
if (!c || !c->io_manager_ctx_intptr)
return -1;

((IjkIOManagerContext *)(c->io_manager_ctx))->cur_ffmpeg_ctx = c;
return ijkio_manager_io_close((IjkIOManagerContext *)(c->io_manager_ctx));
((IjkIOManagerContext *)(av_dict_strtoptr(c->io_manager_ctx_intptr)))->cur_ffmpeg_ctx = c;
return ijkio_manager_io_close((IjkIOManagerContext *)(av_dict_strtoptr(c->io_manager_ctx_intptr)));
}

#define OFFSET(x) offsetof(Context, x)
#define D AV_OPT_FLAG_DECODING_PARAM

static const AVOption options[] = {
{ "ijkiomanager", "IjkIOManagerContext", OFFSET(io_manager_ctx), AV_OPT_TYPE_INT64, { .i64 = 0 }, INT64_MIN, INT64_MAX, .flags = D },
{ "ijkiomanager", "IjkIOManagerContext", OFFSET(io_manager_ctx_intptr), AV_OPT_TYPE_STRING, { .i64 = 0 }, 0, 0, .flags = D },
{ NULL }
};

#undef D
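Review bot: `ijkio_open`, `ijkio_read`, `ijkio_seek` and `ijkio_close` only check that the option string `c->io_manager_ctx_intptr` is non-NULL, then dereference whatever `av_dict_strtoptr` returns, so a string that fails to parse leads to a null dereference (assuming `av_dict_strtoptr`, which is not shown here, returns 0 on failure like its `ijk_` counterpart). The string is also re-parsed twice on every read, seek and close. Parsing once in `ijkio_open`, rejecting a null result, and caching the typed pointer in `Context` removes both problems; the field name `io_manager_ctx` below is a suggestion. Separately, the `ijkiomanager` entry in `options[]` is now `AV_OPT_TYPE_STRING` but keeps `{ .i64 = 0 }` as its default; `{ .str = NULL }` matches the other files in this commit.

```c
typedef struct Context {
    AVClass *class;
    char *io_manager_ctx_intptr;          /* "ijkiomanager" option: pointer in textual form */
    IjkIOManagerContext *io_manager_ctx;  /* parsed once in ijkio_open, NULL until then */
} Context;

/* in ijkio_open, after the existing !c / option-string check */
    IjkIOManagerContext *manager_ctx = (IjkIOManagerContext *)av_dict_strtoptr(c->io_manager_ctx_intptr);
    if (!manager_ctx)
        return -1;
    c->io_manager_ctx = manager_ctx;
    /* … unchanged: interrupt callback wiring and the inner open … */

static int ijkio_read(URLContext *h, unsigned char *buf, int size)
{
    Context *c = h->priv_data;

    if (!c || !c->io_manager_ctx)
        return -1;

    c->io_manager_ctx->cur_ffmpeg_ctx = c;
    return ijkio_manager_io_read(c->io_manager_ctx, buf, size);
}
/* … ijkio_seek and ijkio_close take the same shape … */
```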
11 changes: 4 additions & 7 deletions ijkmedia/ijkplayer/ijkavformat/ijkiourlhook.c
Expand Up @@ -45,7 +45,6 @@ typedef struct Context {
int segment_index;
int64_t test_fail_point;
int64_t test_fail_point_next;
int64_t app_ctx_intptr;
int abort_request;
AVApplicationContext *app_ctx;
IjkIOApplicationContext *ijkio_app_ctx;
Expand Down Expand Up @@ -175,7 +174,7 @@ static int ijkio_urlhook_init(IjkURLContext *h, const char *arg, int flags, IjkA
if (options)
ijk_av_dict_copy(&c->inner_options, *options, 0);

ijk_av_dict_set_int(&c->inner_options, "ijkapplication", c->app_ctx_intptr, 0);
ijk_av_dict_set_intptr(&c->inner_options, "ijkapplication", (uintptr_t )c->app_ctx, 0);
ijk_av_dict_set_int(&c->inner_options, "ijkinject-segment-index", c->segment_index, 0);

c->app_io_ctrl.size = sizeof(c->app_io_ctrl);
Expand Down Expand Up @@ -266,11 +265,9 @@ static int ijkio_httphook_open(IjkURLContext *h, const char *arg, int flags, Ijk
c->ijkio_app_ctx = h->ijkio_app_ctx;
c->ijkio_interrupt_callback = h->ijkio_app_ctx->ijkio_interrupt_callback;

t = ijk_av_dict_get(*options, "ijkapplication", NULL, IJK_AV_DICT_MATCH_CASE);
if (t) {
c->app_ctx_intptr = (int64_t)strtoll(t->value, NULL, 10);
c->app_ctx = (AVApplicationContext *)(intptr_t)c->app_ctx_intptr;
} else {
c->app_ctx = (AVApplicationContext *)ijk_av_dict_get_intptr(*options, "ijkapplication");

if (!c->app_ctx) {
goto fail;
}
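Review bot: The new lookup in `ijkio_httphook_open` no longer passes `IJK_AV_DICT_MATCH_CASE`: the removed code called `ijk_av_dict_get(*options, "ijkapplication", NULL, IJK_AV_DICT_MATCH_CASE)`, whereas `ijk_av_dict_get_intptr` in ijkdict.c looks the key up with flags `0`. If the flag has its usual meaning, the key is now matched case-insensitively, which loosens the match for a value that is then cast to `AVApplicationContext *`; passing the flag inside the helper restores the old behaviour. The local `t` used by the removed lines is probably unused now, but its declaration is outside the hunk. `*options` is also dereferenced here without the `if (options)` guard that `ijkio_urlhook_init` applies.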

6 changes: 3 additions & 3 deletions ijkmedia/ijkplayer/ijkavformat/ijklivehook.c
Expand Up @@ -39,7 +39,7 @@ typedef struct {

/* options */
AVDictionary *open_opts;
int64_t app_ctx_intptr;
char * app_ctx_intptr;
AVApplicationContext *app_ctx;
} Context;

Expand Down Expand Up @@ -191,7 +191,7 @@ static int ijklivehook_read_header(AVFormatContext *avf, AVDictionary **options)
const char *inner_url = NULL;
int ret = -1;

c->app_ctx = (AVApplicationContext *)(intptr_t)c->app_ctx_intptr;
c->app_ctx = (AVApplicationContext *)av_dict_strtoptr(c->app_ctx_intptr);
av_strstart(avf->filename, "ijklivehook:", &inner_url);

c->io_control.size = sizeof(c->io_control);
Expand Down Expand Up @@ -292,7 +292,7 @@ static int ijklivehook_read_packet(AVFormatContext *avf, AVPacket *pkt)
#define D AV_OPT_FLAG_DECODING_PARAM

static const AVOption options[] = {
{ "ijkapplication", "AVApplicationContext", OFFSET(app_ctx_intptr), AV_OPT_TYPE_INT64, { .i64 = 0 }, INT64_MIN, INT64_MAX, .flags = D },
{ "ijkapplication", "AVApplicationContext", OFFSET(app_ctx_intptr), AV_OPT_TYPE_STRING, { .str = NULL }, 0, 0, .flags = D },
{ NULL }
};
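Review bot: `ijklivehook_read_header` passes `c->app_ctx_intptr` to `av_dict_strtoptr` unconditionally, and the option's default is `{ .str = NULL }`, so the argument is NULL whenever `ijkapplication` was not supplied. `av_dict_strtoptr` is not defined on this page; its counterpart `ijk_av_dict_strtoptr` in ijkdict.c reads `value[0]` before any null check, so the call is only safe if the libavutil version behaves differently. A guard at the call site avoids depending on that: `c->app_ctx = c->app_ctx_intptr ? (AVApplicationContext *)av_dict_strtoptr(c->app_ctx_intptr) : NULL;`. The same unguarded call appears in `ijksegment_open` (ijksegment.c) and in `ijktcphook_open` and `ijkhttphook_open` (ijkurlhook.c), whereas `async_open` and the ijkio.c functions test the string first. The function body continues outside the hunk.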

6 changes: 3 additions & 3 deletions ijkmedia/ijkplayer/ijkavformat/ijksegment.c
Expand Up @@ -34,14 +34,14 @@ typedef struct Context {

/* options */
char *http_hook;
int64_t app_ctx_intptr;
char * app_ctx_intptr;
} Context;

static int ijksegment_open(URLContext *h, const char *arg, int flags, AVDictionary **options)
{
Context *c = h->priv_data;
AVAppIOControl io_control = {0};
AVApplicationContext *app_ctx = (AVApplicationContext *)(intptr_t)c->app_ctx_intptr;
AVApplicationContext *app_ctx = (AVApplicationContext *)av_dict_strtoptr(c->app_ctx_intptr);
int ret = -1;
int segment_index = -1;

Expand All @@ -65,7 +65,7 @@ static int ijksegment_open(URLContext *h, const char *arg, int flags, AVDictiona
goto fail;
}

av_dict_set_int(options, "ijkapplication", c->app_ctx_intptr, 0);
av_dict_set_intptr(options, "ijkapplication", (uintptr_t )app_ctx, 0);
av_dict_set_int(options, "ijkinject-segment-index", segment_index, 0);

ret = ffurl_open_whitelist(&c->inner,
13 changes: 6 additions & 7 deletions ijkmedia/ijkplayer/ijkavformat/ijkurlhook.c
Expand Up @@ -46,7 +46,7 @@ typedef struct Context {
int segment_index;
int64_t test_fail_point;
int64_t test_fail_point_next;
int64_t app_ctx_intptr;
char* app_ctx_intptr;
AVApplicationContext *app_ctx;
} Context;

Expand Down Expand Up @@ -141,7 +141,7 @@ static int ijkurlhook_init(URLContext *h, const char *arg, int flags, AVDictiona
if (options)
av_dict_copy(&c->inner_options, *options, 0);

av_dict_set_int(&c->inner_options, "ijkapplication", c->app_ctx_intptr, 0);
av_dict_set_intptr(&c->inner_options, "ijkapplication", (uintptr_t )c->app_ctx, 0);
av_dict_set_int(&c->inner_options, "ijkinject-segment-index", c->segment_index, 0);

c->app_io_ctrl.size = sizeof(c->app_io_ctrl);
Expand All @@ -162,7 +162,7 @@ static int ijktcphook_open(URLContext *h, const char *arg, int flags, AVDictiona
Context *c = h->priv_data;
int ret = 0;

c->app_ctx = (AVApplicationContext *)(intptr_t)c->app_ctx_intptr;
c->app_ctx = (AVApplicationContext *)av_dict_strtoptr(c->app_ctx_intptr);
c->scheme = "ijktcphook:";
c->inner_scheme = "tcp:";
ret = ijkurlhook_init(h, arg, flags, options);
Expand Down Expand Up @@ -251,7 +251,7 @@ static int ijkhttphook_open(URLContext *h, const char *arg, int flags, AVDiction
Context *c = h->priv_data;
int ret = 0;

c->app_ctx = (AVApplicationContext *)(intptr_t)c->app_ctx_intptr;
c->app_ctx = (AVApplicationContext *)av_dict_strtoptr(c->app_ctx_intptr);
c->scheme = "ijkhttphook:";
if (av_stristart(arg, "ijkhttphook:https:", NULL))
c->inner_scheme = "https:";
Expand Down Expand Up @@ -417,7 +417,7 @@ static int64_t ijkhttphook_seek(URLContext *h, int64_t pos, int whence)
static const AVOption ijktcphook_options[] = {
{ "ijktcphook-test-fail-point", "test fail point, in bytes",
OFFSET(test_fail_point), AV_OPT_TYPE_INT, {.i64 = 0}, 0, INT_MAX, D },
{ "ijkapplication", "AVApplicationContext", OFFSET(app_ctx_intptr), AV_OPT_TYPE_INT64, { .i64 = 0 }, INT64_MIN, INT64_MAX, .flags = D },
{ "ijkapplication", "AVApplicationContext", OFFSET(app_ctx_intptr), AV_OPT_TYPE_STRING, { .str = NULL }, 0, 0, .flags = D },

{ NULL }
};
Expand All @@ -427,8 +427,7 @@ static const AVOption ijkhttphook_options[] = {
OFFSET(segment_index), AV_OPT_TYPE_INT, {.i64 = 0}, 0, INT_MAX, D },
{ "ijkhttphook-test-fail-point", "test fail point, in bytes",
OFFSET(test_fail_point), AV_OPT_TYPE_INT, {.i64 = 0}, 0, INT_MAX, D },
{ "ijkapplication", "AVApplicationContext", OFFSET(app_ctx_intptr), AV_OPT_TYPE_INT64, { .i64 = 0 }, INT64_MIN, INT64_MAX, .flags = D },

{ "ijkapplication", "AVApplicationContext", OFFSET(app_ctx_intptr), AV_OPT_TYPE_STRING, { .str = NULL }, 0, 0, .flags = D },
{ NULL }
};

29 changes: 29 additions & 0 deletions ijkmedia/ijkplayer/ijkavutil/ijkdict.c
Expand Up @@ -153,6 +153,35 @@ int ijk_av_dict_set_int(IjkAVDictionary **pm, const char *key, int64_t value,
return ijk_av_dict_set(pm, key, valuestr, flags);
}

int ijk_av_dict_set_intptr(IjkAVDictionary **pm, const char *key, uintptr_t value, int flags) {
char valuestr[22];
snprintf(valuestr, sizeof(valuestr), "%p", value);
flags &= ~IJK_AV_DICT_DONT_STRDUP_VAL;
return ijk_av_dict_set(pm, key, valuestr, flags);
}

uintptr_t ijk_av_dict_strtoptr(char * value) {
uintptr_t ptr = NULL;
char *next = NULL;
if(value[0] !='0' || (value[1]|0x20)!='x') {
return NULL;
}
ptr = strtoll(value, &next, 16);
if (next == value) {
return NULL;
}
return ptr;
}

uintptr_t ijk_av_dict_get_intptr(const IjkAVDictionary *m, const char* key) {
uintptr_t ptr = NULL;
IjkAVDictionaryEntry *t = NULL;
if ((t = av_dict_get(m, key, NULL, 0))) {
return ijk_av_dict_strtoptr(t->value);
}
return NULL;
}

void ijk_av_dict_free(IjkAVDictionary **pm)
{
IjkAVDictionary *m = *pm;
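Review bot: `ijk_av_dict_set_intptr` formats a `uintptr_t` with `%p`, which requires a `void *` argument and produces implementation-defined text, while `ijk_av_dict_strtoptr` accepts only a `0x` prefix and parses with the signed `strtoll`. A null pointer may therefore not round-trip on every libc, any value above `LLONG_MAX` is clamped to a different address, and trailing characters after the digits are accepted. In addition, `value` is dereferenced without a null check, and `NULL` is used as a `uintptr_t` value. Because the callers on this page cast the result to a context pointer and dereference it, this parser is the only validation the option string gets, so it should be strict. `ijk_av_dict_get_intptr` also hands an `IjkAVDictionary` to `av_dict_get` rather than `ijk_av_dict_get` and leaves `ptr` unused; `ijk_av_dict_get(m, key, NULL, IJK_AV_DICT_MATCH_CASE)` keeps the types and the previous matching behaviour. The sketch below needs `<inttypes.h>` and `<errno.h>`.

```c
int ijk_av_dict_set_intptr(IjkAVDictionary **pm, const char *key, uintptr_t value, int flags) {
    char valuestr[2 + 2 * sizeof(uintptr_t) + 1];
    /* fixed "0x<hex>" text, so the writer and the parser agree on every libc */
    snprintf(valuestr, sizeof(valuestr), "0x%" PRIxPTR, value);
    /* … unchanged: flag masking and ijk_av_dict_set call … */
}

uintptr_t ijk_av_dict_strtoptr(char * value) {
    char *next = NULL;
    unsigned long long parsed;

    if (!value || value[0] != '0' || (value[1] | 0x20) != 'x')
        return 0;

    errno = 0;
    parsed = strtoull(value, &next, 16);
    /* reject a bare "0x", trailing characters, and values that do not fit a pointer */
    if (*next != '\0' || errno == ERANGE || parsed > UINTPTR_MAX)
        return 0;
    return (uintptr_t)parsed;
}
```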
4 changes: 4 additions & 0 deletions ijkmedia/ijkplayer/ijkavutil/ijkdict.h
Expand Up @@ -103,6 +103,10 @@ int ijk_av_dict_set(IjkAVDictionary **pm, const char *key, const char *value, in
*/
int ijk_av_dict_set_int(IjkAVDictionary **pm, const char *key, int64_t value, int flags);

int ijk_av_dict_set_intptr(IjkAVDictionary **pm, const char *key, uintptr_t value, int flags);

uintptr_t ijk_av_dict_get_intptr(const IjkAVDictionary *m, const char* key);

/**
* Copy entries from one AVDictionary struct into another.
* @param dst pointer to a pointer to a AVDictionary struct. If *dst is NULL,
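Review bot: The two new prototypes are undocumented although the neighbouring declarations in this header carry Doxygen blocks, and `ijk_av_dict_strtoptr`, which ijkdict.c defines with external linkage, is not declared here. For the setter, a comment along the lines of `/** Store a pointer value under key as a hexadecimal string; the value string is always duplicated. */` would do. For the getter, `/** Return the pointer stored under key, or 0 if the key is absent or its value is not a valid pointer string. */` covers it. Either declare the parser as well or make it `static` in ijkdict.c.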

8 comments on commit e99d640

@Gunkkk

@Gunkkk Gunkkk commented on e99d640 Nov 2, 2023


It seems this commit mainly (1) adds the check for c->app_ctx and (2) turns the int64 ptr into a uint64 ptr. Which one solves the memory tagging problem, please? @zhangchn

@cyberhorse208

同问同问,究竟哪里和memory tagging有冲突的,现在手机开启MTE后,bilibili直接无法播放视频

@Gunkkk

@Gunkkk Gunkkk commented on e99d640 Nov 9, 2023


同问同问,究竟哪里和memory tagging有冲突的,现在手机开启MTE后,bilibili直接无法播放视频

@cyberhorse208 目前来看是之前的代码是有问题的 导致指针访问越界了 这个修改把检查前置了 所以必须要更新

@cyberhorse208

@Gunkkk 能有更详细一点分析不?我遇到的问题堆栈长这样, bilibili 7.55.0版本。不知道这个版本有没有合入这个修改。

pid: 13025, tid: 13758, name: amediacodec_inp >>> tv.danmaku.bili:ijkservice <<<

signal 11 (SIGSEGV), code -6 (SI_TKILL), fault addr --------
x0 0000007cdf79358c x1 000000791ab11480 x2 0000000000000000 x3 000000791ab11680
x4 000000791ab11700 x5 0000000000000004 x6 0000001600000000 x7 0000000000000000
x8 0000000000000001 x9 000000000000b480 x10 0000000000000040 x11 000000000000000c
x12 0000000000000028 x13 0000007cdfa0c168 x14 0000000000002393 x15 00000000000000f8
x16 0000007cdf785dc0 x17 0000007cdf70eb20 x18 00000078c6612000 x19 0b00007b2ad0e130
x20 0800007a4aee1ca0 x21 0e00007b5ac420f0 x22 0000000000000000 x23 0e00007b5ac420f0
x24 0f00007b8b0659b0 x25 0c00007b8b01c3a0 x26 0000000000000001 x27 0c00007b8b01c3a0
x28 0000000000000000 x29 0200007b0ac314c8
lr 0000007987eddc78 sp 000000791ab11870 pc 0000007987eddc54 pst 0000000060001000

backtrace:
#00 pc 0000000000397c54 /data/app/~~4a0vaTYjbxf1168SOgYZlA==/tv.danmaku.bili-YPYLZb7iiZT-iyQgmh1k1w==/lib/arm64/libijkffmpeg.so (ff_hevc_decode_nal_vps+1036)
#1 pc 0000000000396fb8 /data/app/~~4a0vaTYjbxf1168SOgYZlA==/tv.danmaku.bili-YPYLZb7iiZT-iyQgmh1k1w==/lib/arm64/libijkffmpeg.so
#2 pc 0000000000409048 /data/app/~~4a0vaTYjbxf1168SOgYZlA==/tv.danmaku.bili-YPYLZb7iiZT-iyQgmh1k1w==/lib/arm64/libijkffmpeg.so (av_parser_parse2+236)
#3 pc 000000000006a95c /data/app/~~4a0vaTYjbxf1168SOgYZlA==/tv.danmaku.bili-YPYLZb7iiZT-iyQgmh1k1w==/lib/arm64/libijkplayer.so (BuildId: f72316d2a7e0d23bd40f5b7936de12850fd422f0)
#4 pc 000000000007c1dc /data/app/~~4a0vaTYjbxf1168SOgYZlA==/tv.danmaku.bili-YPYLZb7iiZT-iyQgmh1k1w==/lib/arm64/libijksdl.so (BuildId: 07820b94e2a1f3b676bc030086682d2ccaaa8079)
#5 pc 00000000000c2300 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+224) (BuildId: 0ed80cba964aae11aaa75d1a46f5fe95)
#6 pc 00000000000556e0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 0ed80cba964aae11aaa75d1a46f5fe95)

@Gunkkk

@Gunkkk Gunkkk commented on e99d640 Nov 20, 2023


@Gunkkk 能有更详细一点分析不?我遇到的问题堆栈长这样, bilibili 7.55.0版本。不知道这个版本有没有合入这个修改。

pid: 13025, tid: 13758, name: amediacodec_inp >>> tv.danmaku.bili:ijkservice <<<

signal 11 (SIGSEGV), code -6 (SI_TKILL), fault addr -------- x0 0000007cdf79358c x1 000000791ab11480 x2 0000000000000000 x3 000000791ab11680 x4 000000791ab11700 x5 0000000000000004 x6 0000001600000000 x7 0000000000000000 x8 0000000000000001 x9 000000000000b480 x10 0000000000000040 x11 000000000000000c x12 0000000000000028 x13 0000007cdfa0c168 x14 0000000000002393 x15 00000000000000f8 x16 0000007cdf785dc0 x17 0000007cdf70eb20 x18 00000078c6612000 x19 0b00007b2ad0e130 x20 0800007a4aee1ca0 x21 0e00007b5ac420f0 x22 0000000000000000 x23 0e00007b5ac420f0 x24 0f00007b8b0659b0 x25 0c00007b8b01c3a0 x26 0000000000000001 x27 0c00007b8b01c3a0 x28 0000000000000000 x29 0200007b0ac314c8 lr 0000007987eddc78 sp 000000791ab11870 pc 0000007987eddc54 pst 0000000060001000

backtrace: #00 pc 0000000000397c54 /data/app/~~4a0vaTYjbxf1168SOgYZlA==/tv.danmaku.bili-YPYLZb7iiZT-iyQgmh1k1w==/lib/arm64/libijkffmpeg.so (ff_hevc_decode_nal_vps+1036) #1 pc 0000000000396fb8 /data/app/~~4a0vaTYjbxf1168SOgYZlA==/tv.danmaku.bili-YPYLZb7iiZT-iyQgmh1k1w==/lib/arm64/libijkffmpeg.so #2 pc 0000000000409048 /data/app/~~4a0vaTYjbxf1168SOgYZlA==/tv.danmaku.bili-YPYLZb7iiZT-iyQgmh1k1w==/lib/arm64/libijkffmpeg.so (av_parser_parse2+236) #3 pc 000000000006a95c /data/app/~~4a0vaTYjbxf1168SOgYZlA==/tv.danmaku.bili-YPYLZb7iiZT-iyQgmh1k1w==/lib/arm64/libijkplayer.so (BuildId: f72316d2a7e0d23bd40f5b7936de12850fd422f0) #4 pc 000000000007c1dc /data/app/~~4a0vaTYjbxf1168SOgYZlA==/tv.danmaku.bili-YPYLZb7iiZT-iyQgmh1k1w==/lib/arm64/libijksdl.so (BuildId: 07820b94e2a1f3b676bc030086682d2ccaaa8079) #5 pc 00000000000c2300 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+224) (BuildId: 0ed80cba964aae11aaa75d1a46f5fe95) #6 pc 00000000000556e0 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 0ed80cba964aae11aaa75d1a46f5fe95)

@cyberhorse208 你确定和这个commit相关吗,如下代码这个只是对context传入的AVApplicationContext做解析,如果传入的内容有问题就返回空,这个commit之前没有这个判断导致走到后面访问偏移OOB后报错,但可能实际影响较小,在内存安全检测下才会报,这个应该主要是解决android 11 targetsdk30+的memory tagging带来的报错的 乍看和你的问题似乎没啥关系

uintptr_t ijk_av_dict_strtoptr(char * value) {
    uintptr_t ptr = NULL;
    char *next = NULL;
    if(value[0] !='0' || (value[1]|0x20)!='x') {
        return NULL;
    }
    ptr = strtoll(value, &next, 16);
    if (next == value) {
        return NULL;
    }
    return ptr;
}

@cyberhorse208

嗯,我的问题堆栈显示崩溃在ff_hevc_decode_nal_vps,和ijk_av_dict_strtoptr么有关系。
只是在开启MTE的设备上面播放视频老是挂掉,想知道原因,会不会也是类似的问题

@Gunkkk

@Gunkkk Gunkkk commented on e99d640 Nov 22, 2023


嗯,我的问题堆栈显示崩溃在ff_hevc_decode_nal_vps,和ijk_av_dict_strtoptr么有关系。 只是在开启MTE的设备上面播放视频老是挂掉,想知道原因,会不会也是类似的问题

@cyberhorse208 ijk_av_dict_strtoptr?你的对堆栈里没看到呀 你手里有MTE的设备吗? 方便的话可以私下联系 :d2VpeGluOiBvcjJ6eno=

@cyberhorse208

好的
