Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
From: Pavel Koshevoy <pkoshevoy-at-gmail.com@ffmpeg.org>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH] avformat/demux: Fix segfault due to avcodec_open2 failure (v2)
Date: Tue, 10 Jun 2025 09:39:36 -0600
Message-ID: <CAJgjuow8r2ZOTt-dkNtxuAjDC=pfF5iJTQzueFmsx7D80EYRFA@mail.gmail.com>
In-Reply-To: <20250610152918.GV29660@pb2>

On Tue, Jun 10, 2025 at 9:29 AM Michael Niedermayer <michael@niedermayer.cc>
wrote:

> Hi Pavel
>
> On Tue, Jun 10, 2025 at 08:42:08AM -0600, Pavel Koshevoy wrote:
> > On Tue, Jun 10, 2025, 07:39 Michael Niedermayer <michael@niedermayer.cc>
> > wrote:
> >
> > > On Mon, Jun 09, 2025 at 09:45:28PM -0600, Pavel Koshevoy wrote:
> > > > Fixes 'ffprobe 1_poc.mp4' segfault introduced with
> > > > commit 0021484d05f9b0f032fa319399de6e24eea0c04f
> > > >
> > > > codec_close should not assume that the codec_id did not change.
> > > > ---
> > > >  libavformat/demux.c | 8 +++++++-
> > > >  1 file changed, 7 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/libavformat/demux.c b/libavformat/demux.c
> > > > index ecd4f40da9..3749ab67a3 100644
> > > > --- a/libavformat/demux.c
> > > > +++ b/libavformat/demux.c
> > > > @@ -1292,9 +1292,15 @@ static int codec_close(FFStream *sti)
> > > >  {
> > > >      AVCodecContext *avctx_new = NULL;
> > > >      AVCodecParameters *par_tmp = NULL;
> > > > +    const AVCodec *new_codec = NULL;
> > > >      int ret;
> > > >
> > > > -    avctx_new = avcodec_alloc_context3(sti->avctx->codec);
> > > > +    new_codec =
> > > > +      (sti->avctx->codec_id != sti->pub.codecpar->codec_id) ?
> > > > +      avcodec_find_decoder(sti->pub.codecpar->codec_id) :
> > > > +      sti->avctx->codec;
> > > > +
> > > > +    avctx_new = avcodec_alloc_context3(new_codec);
> > > >      if (!avctx_new) {
> > > >          ret = AVERROR(ENOMEM);
> > > >          goto fail;
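
Review bot: the result of avcodec_find_decoder(sti->pub.codecpar->codec_id) in the new ternary goes to avcodec_alloc_context3() unchecked. When no decoder is available for the changed codec_id, new_codec is NULL; avcodec_alloc_context3(NULL) still returns a context, so the existing `if (!avctx_new)` test will not notice and the function continues with no codec bound. If a codec-less context is intended in that case, say so in a comment next to the assignment; otherwise handle the NULL case explicitly. The reason given in the commit message (codec_id may have changed since the context was opened) would also be worth a one-line comment above the ternary, and its continuation lines are offset by 2 spaces where the surrounding code uses 4.
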
> > >
> > > This is not about request_probe
> > > but about the mpegts demuxer randomly changing codec id midstream
> > >
> >
> >
> > I have several real (not crafted like 1_poc.mp4 is) .ts files where codec
> > changes from mpeg2video to hevc, from mpeg2audio to eac3 -- while remaining
> > on the same PIDs.  I also have .ts files where codec switches between
> > mpeg2video and h264.  VLC was able to play such files, but my ffmpeg based
> > player (apprenticevideo) could not even see that the codecs changed prior
> > to 0021484d05f9b0f032fa319399de6e24eea0c04f.
>
> do these work ?
> (work here means the result is a complete file with all frames from the input
>  and is playable and seekable)
> ./ffmpeg -i input.ts -codec copy output.ts
> ./ffmpeg -i input.ts -codec copy output.mp4
> ./ffmpeg -i input.ts -vcodec libx264 -acodec libopus output.mkv
>

not really relevant because if they don't work -- it's a defect in the
command line tool, not the demuxer.
I need the libavformat API to work with mpeg-ts data I have, I don't
actually care if ffprobe/ffplay/ffmpeg can handle these files ... they
couldn't handle them before and they still can't, but I'm not an fftools
maintainer so I don't think I'll be taking on a 3rd job to fix fftools as
well.



>
> > Reverting isn't really an
> > option for me, not unless there is a better solution presented.
>
> is adding an exploitable security issue an option for you ?
>

I'm not a security expert, but IIRC the patch I've posted here fixes the
segfault you are referring to?



>
> If people want to keep this, it should be behind a flag and
> disabled by default.
>
> It's not enough to fix our code that crashes, other applications
> similarly won't expect such id and type changes mid stream
>

If mpeg-ts allows the codecs to change at any time -- it's a bug in the
application if it doesn't support that.



>
>
> >
> > As I am primarily a public ffmpeg API user -- I am well out of my depth
> > when it comes to making non-trivial changes to ffmpeg's internals.
>
> That's ok, but you applied this change to ffmpeg internals, and here
> you say "I am well out of my depth when it comes to making non-trivial
> changes to ffmpeg's internals."
>
> Did someone review this ?
>

No, it was ignored for weeks.



>
> commit 0021484d05f9b0f032fa319399de6e24eea0c04f
> Author:     Pavel Koshevoy <pkoshevoy@gmail.com>
> AuthorDate: Sun May 18 08:57:31 2025 -0600
> Commit:     Pavel Koshevoy <pkoshevoy@gmail.com>
> CommitDate: Sun May 18 08:57:31 2025 -0600
>
>
> thx
>
> [...]
>
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> The greatest way to live with honor in this world is to be what we pretend
> to be. -- Socrates
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>