[FFmpeg-devel] [PATCH v8 2/6] avformat/flvdec: support demux hevc in enhanced flv
Michael Niedermayer
michael at niedermayer.cc
Thu Jul 27 02:27:02 EEST 2023
On Thu, Apr 13, 2023 at 05:44:37PM +0800, Steven Liu wrote:
> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
> ---
> libavformat/flvdec.c | 58 ++++++++++++++++++++++++++++++++++++++------
> 1 file changed, 50 insertions(+), 8 deletions(-)
>
> diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
> index d83edff727..6a1e6e7ff0 100644
> --- a/libavformat/flvdec.c
> +++ b/libavformat/flvdec.c
> @@ -79,6 +79,8 @@ typedef struct FLVContext {
> int64_t last_ts;
> int64_t time_offset;
> int64_t time_pos;
> +
> + uint8_t exheader;
> } FLVContext;
>
> /* AMF date type */
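Review bot: the new `exheader` field in `FLVContext` is added without a comment saying what it records or where it is set and cleared between tags, and nothing in this hunk shows either; a one-line comment next to the declaration (for example `uint8_t exheader; /* current video tag uses the enhanced-FLV extended header */`, wording to be confirmed by the author) would let a reader of the struct understand the flag without hunting for its assignments.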
> @@ -302,13 +304,25 @@ static void flv_set_audio_codec(AVFormatContext *s, AVStream *astream,
> }
> }
>
> -static int flv_same_video_codec(AVCodecParameters *vpar, int flags)
> +static int flv_same_video_codec(AVFormatContext *s, AVCodecParameters *vpar, int flags)
> {
> int flv_codecid = flags & FLV_VIDEO_CODECID_MASK;
> + FLVContext *flv = s->priv_data;
>
> if (!vpar->codec_id && !vpar->codec_tag)
> return 1;
>
> + if (flv->exheader) {
> + uint8_t *codec_id_str = (uint8_t *)s->pb->buf_ptr;
> + uint32_t codec_id = codec_id_str[3] | codec_id_str[2] << 8 | codec_id_str[1] << 16 | codec_id_str[0] << 24;
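Review bot: the `flv->exheader` branch reads four bytes straight from `s->pb->buf_ptr` (`codec_id_str[0]` through `codec_id_str[3]`) with no check that four bytes are actually available in the AVIOContext buffer, and `buf_ptr` is an internal field of the I/O context rather than a read interface; that is the out-of-bounds read the ASan trace below points at (flvdec.c:317). Suggest having the caller read the fourcc with `avio_rb32()` (or pass the value it has already read) and hand it to `flv_same_video_codec()` as a parameter, so this function never dereferences a buffer pointer itself.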
pb->buf_ptr is in general not supposed to be directly accessed.
In this case here it segfaults:
READ of size 1 at 0x6100000003b7 thread T0
#0 0x7f928d in flv_same_video_codec ffmpeg/libavformat/flvdec.c:317:29
#1 0x7f928d in flv_read_packet ffmpeg/libavformat/flvdec.c:1177
#2 0x6ff32f in ff_read_packet ffmpeg/libavformat/demux.c:575:15
#3 0x70a2fd in read_frame_internal ffmpeg/libavformat/demux.c:1263:15
#4 0x71d158 in avformat_find_stream_info ffmpeg/libavformat/demux.c:2634:15
#5 0x4c821b in LLVMFuzzerTestOneInput ffmpeg/tools/target_dem_fuzzer.c:206:11
Can you remove the pb->buf_ptr use?
I can fix it too but I have no testcase and fate doesn't cover this, so my fix would
be untested ...
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Democracy is the form of government in which you can choose your dictator