Some formats like FLV can dynamically add streams during packet reading. FFprobe does check for this an reallocate the global stream info, but does not reallocate InputFrame's streams and decoders when this happens, which, as a result, could have caused flushing to occur on an out of bounds stream index, since the flush loop iterates over fmt_ctx's nb_streams, an not ifiles, despite using ifile's streams.
This fixes an out of bounds read and segfult. Signed-off-by: Derek Buitenhuis <derek.buitenh...@gmail.com> --- Sample file: https://www.dropbox.com/s/ocu1ta6xzw8j6e7/dynamic_stream_segfault.flv?dl=0 Repro commands: 1. ffprobe -select_streams 1 -read_intervals '%+#60' -show_frames dynamic_stream_segfault.flv 2. ffprobe -select_streams 1 -show_frames dynamic_stream_segfault.flv --- fftools/ffprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fftools/ffprobe.c b/fftools/ffprobe.c index 9b7e82fd8c..99adf615ae 100644 --- a/fftools/ffprobe.c +++ b/fftools/ffprobe.c @@ -2893,7 +2893,7 @@ static int read_interval_packets(WriterContext *w, InputFile *ifile, } av_packet_unref(pkt); //Flush remaining frames that are cached in the decoder - for (i = 0; i < fmt_ctx->nb_streams; i++) { + for (i = 0; i < ifile->nb_streams; i++) { pkt->stream_index = i; if (do_read_frames) { while (process_frame(w, ifile, frame, pkt, &(int){1}) > 0); -- 2.37.2 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
