From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 5D64E4C99A for ; Tue, 10 Jun 2025 15:29:29 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 6D8A668D440; Tue, 10 Jun 2025 18:29:27 +0300 (EEST) Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net [217.70.183.196]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id C3A6468C77C for ; Tue, 10 Jun 2025 18:29:20 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id EF7F941DE2 for ; Tue, 10 Jun 2025 15:29:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1749569360; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=0X62X59CfevCdOgpO6lC4X+GcLLTpGLpMrWV4kQO36k=; b=mzOMNFAHRLqOGTchlvOFHIGg9ujgl1OsSuXBoCvfTYDRtg9xplhDSpBvkCw6XsfIwkoaiR 5g+mUJ9IwnC7FuDoMdKooCt0hHsBCrKcVk99sPXT6axaeNqalTQnrkNBh3S2iGskzpKAAb Q23RTYP25Bixf34huQjdfdKHGW6OG5jXY33zbB8ZEjilz1r8N1eHrCfmZdCBw3Tyt28Ye5 y2Rt2QF41TnKjAXnapLoA6gtYk2YHEYBjXsOE64cEJ3Wmqhjl7uGjybEShH7uu1CsslXCc CA4TZl3ilzc6Dn8Ym5AF2VZPT+cYRy3YIKD7erxqcyFEHD1evPpqG/e9rAAmyw== Date: Tue, 10 Jun 2025 17:29:18 +0200 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20250610152918.GV29660@pb2> References: <20250610034528.30157-1-pkoshevoy@gmail.com> <20250610133859.GU29660@pb2> MIME-Version: 1.0 In-Reply-To: X-GND-State: clean X-GND-Score: -85 X-GND-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtddugddutdelvdcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfitefpfffkpdcuggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedtudenucesvcftvggtihhpihgvnhhtshculddquddttddmnegfrhhlucfvnfffucdludehmdenucfjughrpeffhffvuffkfhggtggujgesghdtreertddtvdenucfhrhhomhepofhitghhrggvlhcupfhivgguvghrmhgrhigvrhcuoehmihgthhgrvghlsehnihgvuggvrhhmrgihvghrrdgttgeqnecuggftrfgrthhtvghrnhepieegkedtjeduffejhfetgeejtdegteetgfegtdfhjefgvefhteegkeejtddvhfevnecukfhppeeguddrieeirdeijedruddufeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeeguddrieeirdeijedruddufedphhgvlhhopehlohgtrghlhhhoshhtpdhmrghilhhfrhhomhepmhhitghhrggvlhesnhhivgguvghrmhgrhigvrhdrtggtpdhnsggprhgtphhtthhopedupdhrtghpthhtohepfhhfmhhpvghgqdguvghvvghlsehffhhmphgvghdrohhrgh X-GND-Sasl: michael@niedermayer.cc Subject: Re: [FFmpeg-devel] [PATCH] avformat/demux: Fix segfault due to avcodec_open2 failure (v2) X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============2743255619403130125==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============2743255619403130125== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="3qyZvONx02j+SBSv" Content-Disposition: inline --3qyZvONx02j+SBSv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Pavel On Tue, Jun 10, 2025 at 08:42:08AM -0600, Pavel Koshevoy wrote: > On Tue, Jun 10, 2025, 07:39 Michael Niedermayer > wrote: >=20 > > On Mon, Jun 09, 2025 at 09:45:28PM -0600, Pavel Koshevoy wrote: > > > Fixes 'ffprobe 1_poc.mp4' segfault introduced with > > > commit 0021484d05f9b0f032fa319399de6e24eea0c04f > > > > > > codec_close should not assume that the codec_id did not change. > > > --- > > > libavformat/demux.c | 8 +++++++- > > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > > > diff --git a/libavformat/demux.c b/libavformat/demux.c > > > index ecd4f40da9..3749ab67a3 100644 > > > --- a/libavformat/demux.c > > > +++ b/libavformat/demux.c > > > @@ -1292,9 +1292,15 @@ static int codec_close(FFStream *sti) > > > { > > > AVCodecContext *avctx_new =3D NULL; > > > AVCodecParameters *par_tmp =3D NULL; > > > + const AVCodec *new_codec =3D NULL; > > > int ret; > > > > > > - avctx_new =3D avcodec_alloc_context3(sti->avctx->codec); > > > + new_codec =3D > > > + (sti->avctx->codec_id !=3D sti->pub.codecpar->codec_id) ? > > > + avcodec_find_decoder(sti->pub.codecpar->codec_id) : > > > + sti->avctx->codec; > > > + > > > + avctx_new =3D avcodec_alloc_context3(new_codec); > > > if (!avctx_new) { > > > ret =3D AVERROR(ENOMEM); > > > goto fail; > > > > This is not about request_probe > > but about the mpegts demuxer randomly changeing codec id midstream > > >=20 >=20 > I have several real (not crafted like 1_poc.mp4 is) .ts files where codec > changes from mpeg2video to hevc, from mpeg2audio to eac3 -- while remaini= ng > on the same PIDs. I also have .ts files where codec switches between > mpeg2video and h264. VLC was able to play such files, but my ffmpeg based > player (apprenticevideo) could not even see that the codecs changed prior > to 0021484d05f9b0f032fa319399de6e24eea0c04f. do these work ? (work here means the result is a complete file with all frames from the inp= ut and is playable and seekable) =2E/ffmpeg -i input.ts -codec copy output.ts =2E/ffmpeg -i input.ts -codec copy output.mp4 =2E/ffmpeg -i input.ts -vcodec libx264 -acodec libopus output.mkv > Reverting isn't really an > option for me, not unless there is a better solution presented. is adding an exploitable security issue an option for you ? If people want to keep this, it should be behind a flag and disabled by default. Its not enough to fix our code that crashes, other applications similarly wont expect such id and type changes mid stream >=20 > As I am primarily a public ffmpeg API user -- I am well out of my depth > when it comes to making non-trivial changes to ffmpegs internals. Thats ok, but you applied this change to ffmpeg internals, and here you say "I am well out of my depth when it comes to making non-trivial chan= ges to ffmpegs internals." Did someone review this ? commit 0021484d05f9b0f032fa319399de6e24eea0c04f Author: Pavel Koshevoy AuthorDate: Sun May 18 08:57:31 2025 -0600 Commit: Pavel Koshevoy CommitDate: Sun May 18 08:57:31 2025 -0600 thx [...] --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB The greatest way to live with honor in this world is to be what we pretend to be. -- Socrates --3qyZvONx02j+SBSv Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCaEhPSwAKCRBhHseHBAsP qwQaAJ0bNjWOqfTlHsJ3M4S6xAcNpo4oVgCcDiE+rjSK6wDTWw60W98GSQOP6hE= =0G7R -----END PGP SIGNATURE----- --3qyZvONx02j+SBSv-- --===============2743255619403130125== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============2743255619403130125==--