[FFmpeg-devel] [PATCH] oggdec: add support for proper demuxing of chained Opus files and streams

Michael Niedermayer michael at niedermayer.cc
Sat Jun 6 21:06:33 EEST 2020 

On Sat, Jun 06, 2020 at 07:23:25PM +0200, Lynne wrote:
> Jun 6, 2020, 17:21 by michael at niedermayer.cc:
> 
> > On Mon, Jun 01, 2020 at 06:19:52PM +0200, Michael Niedermayer wrote:
> >
> >> On Tue, Apr 28, 2020 at 08:20:37PM +0200, Lynne wrote:
> >> > Part of this patch is based on Paul B Mahol's patch from last year. 
> >> > 
> >> > This also allows for single-stream parameter/codec changes.
> >> > 
> >> > Must be applied on top of the latest version of other 3 patches I sent today.
> >> > 
> >>
> >> >  oggdec.c       |   45 +++++++++++++++++++++++++--------------------
> >> >  oggdec.h       |    1 +
> >> >  oggparseopus.c |    1 +
> >> >  3 files changed, 27 insertions(+), 20 deletions(-)
> >> > ce692abc11552b4c35772e57051378e0fd1ddece  0001-oggdec-add-support-for-proper-demuxing-of-chained-Op.patch
> >> > From 70dcc91b32c89cb580bf13f2c081fa8e74f226f9 Mon Sep 17 00:00:00 2001
> >> > From: Lynne <dev at lynne.ee>
> >> > Date: Tue, 28 Apr 2020 12:25:46 +0100
> >> > Subject: [PATCH] oggdec: add support for proper demuxing of chained Opus files
> >> >  and streams
> >> > 
> >> > Part of this patch is based on Paul B Mahol's patch from last year.
> >> > 
> >> > This also allows for single-stream parameter/codec changes.
> >> > ---
> >> >  libavformat/oggdec.c       | 45 +++++++++++++++++++++-----------------
> >> >  libavformat/oggdec.h       |  1 +
> >> >  libavformat/oggparseopus.c |  1 +
> >> >  3 files changed, 27 insertions(+), 20 deletions(-)
> >>
> >> This causes out of array reads with
> >> https://samples.ffmpeg.org/V-codecs/Theora/theora_testsuite_broken/multi2.ogg
> >>
> >> ==5283== Invalid read of size 8
> >> ==5283==    at 0x640508: vorbis_packet (oggparsevorbis.c:413)
> >> ==5283==    by 0x637546: ogg_packet (oggdec.c:589)
> >> ==5283==    by 0x638392: ogg_read_packet (oggdec.c:824)
> >> ==5283==    by 0x6A9211: ff_read_packet (utils.c:851)
> >> ==5283==    by 0x6AC440: read_frame_internal (utils.c:1582)
> >> ==5283==    by 0x6AD3F8: av_read_frame (utils.c:1784)
> >> ==5283==    by 0x250B4B: get_input_packet (ffmpeg.c:4140)
> >> ==5283==    by 0x251021: process_input (ffmpeg.c:4259)
> >> ==5283==    by 0x253255: transcode_step (ffmpeg.c:4640)
> >> ==5283==    by 0x2533D2: transcode (ffmpeg.c:4694)
> >> ==5283==    by 0x253CE9: main (ffmpeg.c:4895)
> >> ==5283==  Address 0x1680af68 is 8 bytes after a block of size 32 in arena "client"
> >> ==5283==
> >>
> >
> > ping
> >
> 
> Not sure how that's possible. The codec-specific parsing context just disappears?

i have a few more crashes from this patchset and looked
at the others first, i will post fixes to 2 of them.
This one here i did not deeply look at yet, so i cant say what is happening yet ...

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Does the universe only have a finite lifespan? No, its going to go on
forever, its just that you wont like living in it. -- Hiranya Peiri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200606/5b7f7723/attachment.sig>

More information about the ffmpeg-devel mailing list