[FFmpeg-devel] [PATCH 5/5] avformat/oggdec: Disable mid stream codec changes

[Paul B Mahol]

On 6/13/20, Michael Niedermayer <michael at niedermayer.cc> wrote:
> The code crashes and neither the authors nor anyone else did fix this
> We cannot release code which crashes, so if noone fixes it, the only
> option left is to disable or revert. Revert is difficult as there are
> multiple commits afterwards
>
> Fixes:
> 22082/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5688619118624768
> Fixes: crash from V-codecs/Theora/theora_testsuite_broken/multi2.ogg
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavformat/oggdec.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c
> index 9eb45499c6..1f3ed8024c 100644
> --- a/libavformat/oggdec.c
> +++ b/libavformat/oggdec.c
> @@ -229,6 +229,15 @@ static int ogg_replace_stream(AVFormatContext *s,
> uint32_t serial, char *magic,
>      /* We only have a single stream anyway, so if there's a new stream with
>       * a different codec just replace it */
>      os = &ogg->streams[0];
> +    if (os->codec != codec) {
> +        /*
> +         * The codec change code from
> 8296443a70f052a6f5c9a867d28b83a5eb7d304d and surounding commits
> +         * crashes with out of array accesses
> +         * testcase is
> https://samples.ffmpeg.org/V-codecs/Theora/theora_testsuite_broken/multi2.ogg
> +         */
> +        return AVERROR_PATCHWELCOME;
> +    }
> +
>      os->serial  = serial;
>      os->codec   = codec;
>      os->serial  = serial;
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".

NAK

It very aggressive and also pointless.