[FFmpeg-devel] [PATCH v8 2/6] avformat/flvdec: support demux hevc in enhanced flv

Steven Liu lingjiujianke at gmail.com
Thu Jul 27 05:43:12 EEST 2023 

Michael Niedermayer <michael at niedermayer.cc> 于2023年7月27日周四 07:27写道:
Hi Michael,
>
> On Thu, Apr 13, 2023 at 05:44:37PM +0800, Steven Liu wrote:
> > Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
> > ---
> >  libavformat/flvdec.c | 58 ++++++++++++++++++++++++++++++++++++++------
> >  1 file changed, 50 insertions(+), 8 deletions(-)
> >
> > diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
> > index d83edff727..6a1e6e7ff0 100644
> > --- a/libavformat/flvdec.c
> > +++ b/libavformat/flvdec.c
> > @@ -79,6 +79,8 @@ typedef struct FLVContext {
> >      int64_t last_ts;
> >      int64_t time_offset;
> >      int64_t time_pos;
> > +
> > +    uint8_t exheader;
> >  } FLVContext;
> >
> >  /* AMF date type */
> > @@ -302,13 +304,25 @@ static void flv_set_audio_codec(AVFormatContext *s, AVStream *astream,
> >      }
> >  }
> >
> > -static int flv_same_video_codec(AVCodecParameters *vpar, int flags)
> > +static int flv_same_video_codec(AVFormatContext *s, AVCodecParameters *vpar, int flags)
> >  {
> >      int flv_codecid = flags & FLV_VIDEO_CODECID_MASK;
> > +    FLVContext *flv = s->priv_data;
> >
> >      if (!vpar->codec_id && !vpar->codec_tag)
> >          return 1;
> >
> > +    if (flv->exheader) {
> > +        uint8_t *codec_id_str = (uint8_t *)s->pb->buf_ptr;
> > +        uint32_t codec_id = codec_id_str[3] | codec_id_str[2] << 8 | codec_id_str[1] << 16 | codec_id_str[0] << 24;
>
> pb->buf_ptr is in general not supposed to be directly accessed
>
> In this case here it segfaults
>
> READ of size 1 at 0x6100000003b7 thread T0
>     #0 0x7f928d in flv_same_video_codec ffmpeg/libavformat/flvdec.c:317:29
>     #1 0x7f928d in flv_read_packet ffmpeg/libavformat/flvdec.c:1177
>     #2 0x6ff32f in ff_read_packet ffmpeg/libavformat/demux.c:575:15
>     #3 0x70a2fd in read_frame_internal ffmpeg/libavformat/demux.c:1263:15
>     #4 0x71d158 in avformat_find_stream_info ffmpeg/libavformat/demux.c:2634:15
>     #5 0x4c821b in LLVMFuzzerTestOneInput ffmpeg/tools/target_dem_fuzzer.c:206:11
>
> can you remove pb->buf_ptr use ?
> I can fix it too but i have no testcase and fate doesnt cover this so my fix would
> be untested ...
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230727023744.20984-1-lq@chinaffmpeg.org/
Can this patch fix it?
>
> thx
>
> [...]
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Democracy is the form of government in which you can choose your dictator
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".

Thanks
Steven

More information about the ffmpeg-devel mailing list