From: michaelni via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
To: ffmpeg-devel@ffmpeg.org
Cc: michaelni <code@ffmpeg.org>
Subject: [FFmpeg-devel] [PR] avformat/flv: codec_id assertion failures (PR #21527)
Date: Tue, 20 Jan 2026 03:45:46 -0000
Message-ID: <176888074697.25.14098929608519422553@4457048688e7> (raw)
PR #21527 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21527
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21527.patch
2 commits fixing a file which set codec id a little later
and with parsing requested and the code fails to handle that
>From c47504ef16897af73ca0f66ef8eb68ebb4ac69af Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 20 Jan 2026 04:14:08 +0100
Subject: [PATCH 1/2] avformat/flvdec: Check need_context_update when audio
codec changes
We did check video codecs but not audio
Fixes: Assertion failure (on codec_id) in parser.c
Fixes: 472097507/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6016386662203392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/flvdec.c | 43 +++++++++++++++++++++++++++++++------------
1 file changed, 31 insertions(+), 12 deletions(-)
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index c75345d882..d10fbf216e 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -301,9 +301,13 @@ static int flv_same_audio_codec(AVCodecParameters *apar, int flags, uint32_t cod
}
}
-static void flv_set_audio_codec(AVFormatContext *s, AVStream *astream,
+static int flv_set_audio_codec(AVFormatContext *s, AVStream *astream,
AVCodecParameters *apar, int flv_codecid)
{
+ FFStream *const astreami = ffstream(astream);
+ AVCodecParameters *par = astream->codecpar;
+ enum AVCodecID old_codec_id = astream->codecpar->codec_id;
+
switch (flv_codecid) {
// no distinction between S16 and S8 PCM codec flags
case FLV_CODECID_PCM:
@@ -356,28 +360,34 @@ static void flv_set_audio_codec(AVFormatContext *s, AVStream *astream,
break;
case MKBETAG('m', 'p', '4', 'a'):
apar->codec_id = AV_CODEC_ID_AAC;
- return;
+ break;
case MKBETAG('O', 'p', 'u', 's'):
apar->codec_id = AV_CODEC_ID_OPUS;
apar->sample_rate = 48000;
- return;
+ break;
case MKBETAG('.', 'm', 'p', '3'):
apar->codec_id = AV_CODEC_ID_MP3;
- return;
+ break;
case MKBETAG('f', 'L', 'a', 'C'):
apar->codec_id = AV_CODEC_ID_FLAC;
- return;
+ break;
case MKBETAG('a', 'c', '-', '3'):
apar->codec_id = AV_CODEC_ID_AC3;
- return;
+ break;
case MKBETAG('e', 'c', '-', '3'):
apar->codec_id = AV_CODEC_ID_EAC3;
- return;
+ break;
default:
avpriv_request_sample(s, "Audio codec (%x)",
flv_codecid >> FLV_AUDIO_CODECID_OFFSET);
apar->codec_tag = flv_codecid >> FLV_AUDIO_CODECID_OFFSET;
}
+
+ if (!astreami->need_context_update && par->codec_id != old_codec_id) {
+ avpriv_request_sample(s, "Changing the codec id midstream");
+ return AVERROR_PATCHWELCOME;
+ }
+ return 0;
}
static int flv_same_video_codec(AVCodecParameters *vpar, uint32_t flv_codecid)
@@ -719,7 +729,9 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream,
return ret;
} else if (!strcmp(key, "audiocodecid") && apar) {
int id = ((int)num_val) << FLV_AUDIO_CODECID_OFFSET;
- flv_set_audio_codec(s, astream, apar, id);
+ int ret = flv_set_audio_codec(s, astream, apar, id);
+ if (ret < 0)
+ return ret;
} else if (!strcmp(key, "audiosamplerate") && apar) {
apar->sample_rate = num_val;
} else if (!strcmp(key, "audiosamplesize") && apar) {
@@ -1641,8 +1653,10 @@ retry_duration:
st->codecpar->bits_per_coded_sample = bits_per_coded_sample;
}
if (!st->codecpar->codec_id) {
- flv_set_audio_codec(s, st, st->codecpar,
+ ret = flv_set_audio_codec(s, st, st->codecpar,
flags & FLV_AUDIO_CODECID_MASK);
+ if (ret < 0)
+ goto leave;
flv->last_sample_rate =
sample_rate = st->codecpar->sample_rate;
flv->last_channels =
@@ -1655,14 +1669,19 @@ retry_duration:
}
par->sample_rate = sample_rate;
par->bits_per_coded_sample = bits_per_coded_sample;
- flv_set_audio_codec(s, st, par, flags & FLV_AUDIO_CODECID_MASK);
+ ret = flv_set_audio_codec(s, st, par, flags & FLV_AUDIO_CODECID_MASK);
+ if (ret < 0)
+ goto leave;
sample_rate = par->sample_rate;
avcodec_parameters_free(&par);
}
} else if (stream_type == FLV_STREAM_TYPE_AUDIO) {
- if (!st->codecpar->codec_id)
- flv_set_audio_codec(s, st, st->codecpar,
+ if (!st->codecpar->codec_id) {
+ ret = flv_set_audio_codec(s, st, st->codecpar,
codec_id ? codec_id : (flags & FLV_AUDIO_CODECID_MASK));
+ if (ret < 0)
+ goto leave;
+ }
// These are not signalled in the flags anymore
channels = 0;
--
2.52.0
>From 9f076ed04ef2dc05c89aa04f4120f5a3aa432fc0 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 20 Jan 2026 04:16:43 +0100
Subject: [PATCH 2/2] avformat/demux: Allow non opened codec in
has_decode_delay_been_guessed()
Fixes: assertion failure
Fixes: 472097507/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6016386662203392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/demux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/demux.c b/libavformat/demux.c
index 06cb8d0c54..5aa4a6c61b 100644
--- a/libavformat/demux.c
+++ b/libavformat/demux.c
@@ -762,7 +762,7 @@ static int has_decode_delay_been_guessed(AVStream *st)
if (st->codecpar->codec_id != AV_CODEC_ID_H264) return 1;
if (!sti->info) // if we have left find_stream_info then nb_decoded_frames won't increase anymore for stream copy
return 1;
- av_assert0(sti->avctx->codec_id == AV_CODEC_ID_H264);
+ av_assert0(sti->avctx->codec_id == AV_CODEC_ID_H264 || (sti->avctx->codec_id == AV_CODEC_ID_NONE && !avcodec_is_open(sti->avctx)));
#if CONFIG_H264_DECODER
if (sti->avctx->has_b_frames && avcodec_is_open(sti->avctx) &&
avpriv_h264_has_num_reorder_frames(sti->avctx) == sti->avctx->has_b_frames)
--
2.52.0
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
reply other threads:[~2026-01-20 3:46 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=176888074697.25.14098929608519422553@4457048688e7 \
--to=ffmpeg-devel@ffmpeg.org \
--cc=code@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git