[FFmpeg-devel] [PATCH] oggdec: add support for proper demuxing of chained Opus files and streams

Lynne dev at lynne.ee
Sat Jun 6 20:23:25 EEST 2020


Jun 6, 2020, 17:21 by michael at niedermayer.cc:

> On Mon, Jun 01, 2020 at 06:19:52PM +0200, Michael Niedermayer wrote:
>
>> On Tue, Apr 28, 2020 at 08:20:37PM +0200, Lynne wrote:
>> > Part of this patch is based on Paul B Mahol's patch from last year. 
>> > 
>> > This also allows for single-stream parameter/codec changes.
>> > 
>> > Must be applied on top of the latest version of the other 3 patches I sent today.
>> > 
>>
>> >  oggdec.c       |   45 +++++++++++++++++++++++++--------------------
>> >  oggdec.h       |    1 +
>> >  oggparseopus.c |    1 +
>> >  3 files changed, 27 insertions(+), 20 deletions(-)
>> > ce692abc11552b4c35772e57051378e0fd1ddece  0001-oggdec-add-support-for-proper-demuxing-of-chained-Op.patch
>> > From 70dcc91b32c89cb580bf13f2c081fa8e74f226f9 Mon Sep 17 00:00:00 2001
>> > From: Lynne <dev at lynne.ee>
>> > Date: Tue, 28 Apr 2020 12:25:46 +0100
>> > Subject: [PATCH] oggdec: add support for proper demuxing of chained Opus files
>> >  and streams
>> > 
>> > Part of this patch is based on Paul B Mahol's patch from last year.
>> > 
>> > This also allows for single-stream parameter/codec changes.
>> > ---
>> >  libavformat/oggdec.c       | 45 +++++++++++++++++++++-----------------
>> >  libavformat/oggdec.h       |  1 +
>> >  libavformat/oggparseopus.c |  1 +
>> >  3 files changed, 27 insertions(+), 20 deletions(-)
>>
>> This causes out of array reads with
>> https://samples.ffmpeg.org/V-codecs/Theora/theora_testsuite_broken/multi2.ogg
>>
>> ==5283== Invalid read of size 8
>> ==5283==    at 0x640508: vorbis_packet (oggparsevorbis.c:413)
>> ==5283==    by 0x637546: ogg_packet (oggdec.c:589)
>> ==5283==    by 0x638392: ogg_read_packet (oggdec.c:824)
>> ==5283==    by 0x6A9211: ff_read_packet (utils.c:851)
>> ==5283==    by 0x6AC440: read_frame_internal (utils.c:1582)
>> ==5283==    by 0x6AD3F8: av_read_frame (utils.c:1784)
>> ==5283==    by 0x250B4B: get_input_packet (ffmpeg.c:4140)
>> ==5283==    by 0x251021: process_input (ffmpeg.c:4259)
>> ==5283==    by 0x253255: transcode_step (ffmpeg.c:4640)
>> ==5283==    by 0x2533D2: transcode (ffmpeg.c:4694)
>> ==5283==    by 0x253CE9: main (ffmpeg.c:4895)
>> ==5283==  Address 0x1680af68 is 8 bytes after a block of size 32 in arena "client"
>> ==5283==
>>
>
> ping
>

Not sure how that's possible. The codec-specific parsing context just disappears?


