
[FFmpeg-devel] fftools/ffprobe: Loop over correct number of streams when flushing decoders

Message ID 20221103151738.28002-1-derek.buitenhuis@gmail.com
State Accepted
Commit d1366c41672f8767fa124b43e49d2d0ae7e776db
Series [FFmpeg-devel] fftools/ffprobe: Loop over correct number of streams when flushing decoders

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished

Commit Message

Derek Buitenhuis Nov. 3, 2022, 3:17 p.m. UTC
Some formats like FLV can dynamically add streams during packet reading.
FFprobe does check for this and reallocate the global stream info, but does
not reallocate InputFile's streams and decoders when this happens, which,
as a result, could have caused flushing to occur on an out of bounds stream
index, since the flush loop iterates over fmt_ctx's nb_streams, and not
ifile's, despite using ifile's streams.

This fixes an out of bounds read and segfault.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
---
Sample file: https://www.dropbox.com/s/ocu1ta6xzw8j6e7/dynamic_stream_segfault.flv?dl=0

Repro commands:

    1. ffprobe -select_streams 1 -read_intervals '%+#60' -show_frames dynamic_stream_segfault.flv
    2. ffprobe -select_streams 1 -show_frames dynamic_stream_segfault.flv
---
 fftools/ffprobe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
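The failure mode the commit message describes, as an added example in C that is not ffprobe code: two per-stream arrays are kept in parallel, the demuxer-side count grows mid-read while the probe-side array does not, and a flush loop bounded by the wrong count walks past the probe-side array. The names `DemuxCtx`, `ProbeFile`, `ProbeStream` and the `scenario_*` functions are hypothetical stand-ins for `AVFormatContext` and ffprobe's `InputFile`; the out-of-range index is reported as -1 rather than actually read, so the program is well defined. It goes one step past the patch and also shows growing the probe-side state to match the demuxer, which flushes the late-added stream instead of skipping it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for AVFormatContext and ffprobe's InputFile /
 * InputStream; only the nb_streams/streams relationship is modelled. */
typedef struct DemuxCtx {
    int nb_streams;              /* grows as the demuxer discovers streams */
} DemuxCtx;

typedef struct ProbeStream {
    int flushed;                 /* set once this stream's decoder is flushed */
} ProbeStream;

typedef struct ProbeFile {
    DemuxCtx *fmt_ctx;
    ProbeStream *streams;        /* allocated at open time */
    int nb_streams;              /* open-time count unless synced below */
} ProbeFile;

/* Size probe-side state to the streams known at open time. */
static int probe_open(ProbeFile *f, DemuxCtx *d)
{
    f->fmt_ctx = d;
    f->nb_streams = d->nb_streams;
    f->streams = calloc((size_t)d->nb_streams, sizeof(*f->streams));
    return f->streams ? 0 : -1;
}

/* Grow probe-side state to match the demuxer. The commit message says ffprobe
 * does this for its global per-stream arrays but not for InputFile. */
static int probe_sync_streams(ProbeFile *f)
{
    int want = f->fmt_ctx->nb_streams;
    if (want <= f->nb_streams)
        return 0;
    ProbeStream *p = realloc(f->streams, (size_t)want * sizeof(*p));
    if (!p)
        return -1;
    for (int i = f->nb_streams; i < want; i++)
        p[i].flushed = 0;
    f->streams = p;
    f->nb_streams = want;
    return 0;
}

/* Flush loop with the bound passed in. An index outside f->streams is reported
 * as -1 (ffprobe would read out of bounds here); otherwise the number of
 * streams flushed is returned. */
static int flush_decoders(ProbeFile *f, int bound)
{
    for (int i = 0; i < bound; i++) {
        if (i >= f->nb_streams)
            return -1;           /* the out-of-bounds read the patch removes */
        f->streams[i].flushed = 1;
    }
    return bound;
}

/* Open with one stream, let the demuxer add a second mid-read (as FLV can),
 * then flush with the chosen bound. */
static int run_flush_scenario(int sync_before_flush, int bound_on_fmt_ctx)
{
    DemuxCtx d = { .nb_streams = 1 };
    ProbeFile f;
    if (probe_open(&f, &d) < 0)
        return -2;
    d.nb_streams++;              /* stream discovered during packet reading */
    if (sync_before_flush && probe_sync_streams(&f) < 0) {
        free(f.streams);
        return -2;
    }
    int bound = bound_on_fmt_ctx ? f.fmt_ctx->nb_streams : f.nb_streams;
    int ret = flush_decoders(&f, bound);
    free(f.streams);
    return ret;
}

/* Before the patch: bound is fmt_ctx->nb_streams over unsynced streams. */
int scenario_before_patch(void) { return run_flush_scenario(0, 1); }
/* After the patch: bound is ifile->nb_streams; the new stream is skipped. */
int scenario_after_patch(void)  { return run_flush_scenario(0, 0); }
/* With the probe-side state grown as well, both streams are flushed. */
int scenario_synced(void)       { return run_flush_scenario(1, 0); }

int main(void)
{
    printf("before patch: %d\n", scenario_before_patch());
    printf("after patch:  %d\n", scenario_after_patch());
    printf("synced:       %d\n", scenario_synced());
    return 0;
}
```

The three scenarios make the trade-off visible: the pre-patch bound overruns the probe-side array, the patched bound is memory-safe but silently drops the late-added stream from the flush, and only growing the side state alongside the demuxer count handles both.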

Comments

Derek Buitenhuis Nov. 6, 2022, 11:23 a.m. UTC | #1
On 11/3/2022 3:17 PM, Derek Buitenhuis wrote:
> ---
>  fftools/ffprobe.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Ping.

- Derek
Stefano Sabatini Nov. 7, 2022, 12:15 a.m. UTC | #2
On Sun, Nov 6, 2022 at 12:23 PM Derek Buitenhuis
<derek.buitenhuis@gmail.com> wrote:
>
> On 11/3/2022 3:17 PM, Derek Buitenhuis wrote:
> > ---
> >  fftools/ffprobe.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
>
> Ping.

>FFprobe does check for this an reallocate
anD reallocate

LGTM, thanks.
Derek Buitenhuis Nov. 7, 2022, 5:01 p.m. UTC | #3
On 11/7/2022 12:15 AM, Stefano Sabatini wrote:
> anD reallocate
> 
> LGTM, thanks.

Fixed, along with the other typo, and pushed.

- Derek

Patch

diff --git a/fftools/ffprobe.c b/fftools/ffprobe.c
index 9b7e82fd8c..99adf615ae 100644
--- a/fftools/ffprobe.c
+++ b/fftools/ffprobe.c
@@ -2893,7 +2893,7 @@  static int read_interval_packets(WriterContext *w, InputFile *ifile,
     }
     av_packet_unref(pkt);
     //Flush remaining frames that are cached in the decoder
-    for (i = 0; i < fmt_ctx->nb_streams; i++) {
+    for (i = 0; i < ifile->nb_streams; i++) {
         pkt->stream_index = i;
         if (do_read_frames) {
             while (process_frame(w, ifile, frame, pkt, &(int){1}) > 0);
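Review bot: the new bound at `for (i = 0; i < ifile->nb_streams; i++)` matches the array that `process_frame(w, ifile, ...)` indexes through `pkt->stream_index = i`, so the overrun goes away, but since the commit message states that streams added after open never get entries in `ifile->streams`, this loop now silently skips flushing those streams instead of faulting on them. A one-line comment on the loop noting that dynamically added streams are not flushed here, or a follow-up that grows `ifile->streams` alongside `fmt_ctx->nb_streams` where the global arrays are already reallocated, would keep the next reader from reintroducing the `fmt_ctx` bound.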