PR #21527 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21527 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21527.patch
2 commits fixing a file which set codec id a little later and with parsing requested and the code fails to handle that >From c47504ef16897af73ca0f66ef8eb68ebb4ac69af Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Tue, 20 Jan 2026 04:14:08 +0100 Subject: [PATCH 1/2] avformat/flvdec: Check need_context_update when audio codec changes We did check video codecs but not audio Fixes: Assertion failure (on codec_id) in parser.c Fixes: 472097507/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6016386662203392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/flvdec.c | 43 +++++++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 12 deletions(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index c75345d882..d10fbf216e 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -301,9 +301,13 @@ static int flv_same_audio_codec(AVCodecParameters *apar, int flags, uint32_t cod } } -static void flv_set_audio_codec(AVFormatContext *s, AVStream *astream, +static int flv_set_audio_codec(AVFormatContext *s, AVStream *astream, AVCodecParameters *apar, int flv_codecid) { + FFStream *const astreami = ffstream(astream); + AVCodecParameters *par = astream->codecpar; + enum AVCodecID old_codec_id = astream->codecpar->codec_id; + switch (flv_codecid) { // no distinction between S16 and S8 PCM codec flags case FLV_CODECID_PCM: @@ -356,28 +360,34 @@ static void flv_set_audio_codec(AVFormatContext *s, AVStream *astream, break; case MKBETAG('m', 'p', '4', 'a'): apar->codec_id = AV_CODEC_ID_AAC; - return; + break; case MKBETAG('O', 'p', 'u', 's'): apar->codec_id = AV_CODEC_ID_OPUS; apar->sample_rate = 48000; - return; + break; case MKBETAG('.', 'm', 'p', '3'): apar->codec_id = AV_CODEC_ID_MP3; - return; + break; case MKBETAG('f', 'L', 'a', 'C'): apar->codec_id = AV_CODEC_ID_FLAC; - return; + break; case MKBETAG('a', 'c', '-', '3'): apar->codec_id = AV_CODEC_ID_AC3; - return; + break; case MKBETAG('e', 'c', '-', '3'): apar->codec_id = AV_CODEC_ID_EAC3; - return; + break; default: avpriv_request_sample(s, "Audio codec (%x)", flv_codecid >> FLV_AUDIO_CODECID_OFFSET); apar->codec_tag = flv_codecid >> FLV_AUDIO_CODECID_OFFSET; } + + if (!astreami->need_context_update && par->codec_id != old_codec_id) { + avpriv_request_sample(s, "Changing the codec id midstream"); + return AVERROR_PATCHWELCOME; + } + return 0; } static int flv_same_video_codec(AVCodecParameters *vpar, uint32_t flv_codecid) @@ -719,7 +729,9 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream, return ret; } else if (!strcmp(key, "audiocodecid") && apar) { int id = ((int)num_val) << FLV_AUDIO_CODECID_OFFSET; - flv_set_audio_codec(s, astream, apar, id); + int ret = flv_set_audio_codec(s, astream, apar, id); + if (ret < 0) + return ret; } else if (!strcmp(key, "audiosamplerate") && apar) { apar->sample_rate = num_val; } else if (!strcmp(key, "audiosamplesize") && apar) { @@ -1641,8 +1653,10 @@ retry_duration: st->codecpar->bits_per_coded_sample = bits_per_coded_sample; } if (!st->codecpar->codec_id) { - flv_set_audio_codec(s, st, st->codecpar, + ret = flv_set_audio_codec(s, st, st->codecpar, flags & FLV_AUDIO_CODECID_MASK); + if (ret < 0) + goto leave; flv->last_sample_rate = sample_rate = st->codecpar->sample_rate; flv->last_channels = @@ -1655,14 +1669,19 @@ retry_duration: } par->sample_rate = sample_rate; par->bits_per_coded_sample = bits_per_coded_sample; - flv_set_audio_codec(s, st, par, flags & FLV_AUDIO_CODECID_MASK); + ret = flv_set_audio_codec(s, st, par, flags & FLV_AUDIO_CODECID_MASK); + if (ret < 0) + goto leave; sample_rate = par->sample_rate; avcodec_parameters_free(&par); } } else if (stream_type == FLV_STREAM_TYPE_AUDIO) { - if (!st->codecpar->codec_id) - flv_set_audio_codec(s, st, st->codecpar, + if (!st->codecpar->codec_id) { + ret = flv_set_audio_codec(s, st, st->codecpar, codec_id ? codec_id : (flags & FLV_AUDIO_CODECID_MASK)); + if (ret < 0) + goto leave; + } // These are not signalled in the flags anymore channels = 0; -- 2.52.0 >From 9f076ed04ef2dc05c89aa04f4120f5a3aa432fc0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Tue, 20 Jan 2026 04:16:43 +0100 Subject: [PATCH 2/2] avformat/demux: Allow non opened codec in has_decode_delay_been_guessed() Fixes: assertion failure Fixes: 472097507/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6016386662203392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/demux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/demux.c b/libavformat/demux.c index 06cb8d0c54..5aa4a6c61b 100644 --- a/libavformat/demux.c +++ b/libavformat/demux.c @@ -762,7 +762,7 @@ static int has_decode_delay_been_guessed(AVStream *st) if (st->codecpar->codec_id != AV_CODEC_ID_H264) return 1; if (!sti->info) // if we have left find_stream_info then nb_decoded_frames won't increase anymore for stream copy return 1; - av_assert0(sti->avctx->codec_id == AV_CODEC_ID_H264); + av_assert0(sti->avctx->codec_id == AV_CODEC_ID_H264 || (sti->avctx->codec_id == AV_CODEC_ID_NONE && !avcodec_is_open(sti->avctx))); #if CONFIG_H264_DECODER if (sti->avctx->has_b_frames && avcodec_is_open(sti->avctx) && avpriv_h264_has_num_reorder_frames(sti->avctx) == sti->avctx->has_b_frames) -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
