From: Derek Buitenhuis
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 3 Nov 2022 15:17:38 +0000
Message-Id: <20221103151738.28002-1-derek.buitenhuis@gmail.com>
Subject: [FFmpeg-devel] [PATCH] fftools/ffprobe: Loop over correct number of streams when flushing decoders

Some formats like FLV can dynamically add streams during packet reading. FFprobe does check for this and reallocate the global stream info, but does not reallocate InputFrame's streams and decoders when this happens, which, as a result, could have caused flushing to occur on an out of bounds stream index, since the flush loop iterates over fmt_ctx's nb_streams, and not ifile's, despite using ifile's streams.

This fixes an out of bounds read and segfault.

Signed-off-by: Derek Buitenhuis --- Sample file: https://www.dropbox.com/s/ocu1ta6xzw8j6e7/dynamic_stream_segfault.flv?dl=0 Repro commands: 1. ffprobe -select_streams 1 -read_intervals '%+#60' -show_frames dynamic_stream_segfault.flv 2. ffprobe -select_streams 1 -show_frames dynamic_stream_segfault.flv --- fftools/ffprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fftools/ffprobe.c b/fftools/ffprobe.c index 9b7e82fd8c..99adf615ae 100644 --- a/fftools/ffprobe.c +++ b/fftools/ffprobe.c @@ -2893,7 +2893,7 @@ static int read_interval_packets(WriterContext *w, InputFile *ifile, } av_packet_unref(pkt); //Flush remaining frames that are cached in the decoder - for (i = 0; i < fmt_ctx->nb_streams; i++) { + for (i = 0; i < ifile->nb_streams; i++) { pkt->stream_index = i; if (do_read_frames) { while (process_frame(w, ifile, frame, pkt, &(int){1}) > 0); -- 2.37.2 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
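
Review bot: The new bound in the flush loop of read_interval_packets() needs a comment, because nothing at the loop says why it uses ifile->nb_streams instead of fmt_ctx->nb_streams, and the two look interchangeable to anyone tidying this code later. The existing "Flush remaining frames" comment could be extended to say that the demuxer may add streams during reading, so fmt_ctx->nb_streams can exceed the number of entries in ifile's streams, and that process_frame() indexes ifile's streams through pkt->stream_index. Since the commit message says ifile's streams and decoders are still not reallocated when a stream appears, it would also help to state in the message whether other users of pkt->stream_index against ifile's streams are already bounded the same way, or whether this loop was the only unchecked one.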