aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDerek Buitenhuis <derek.buitenhuis@gmail.com>2022-11-03 15:07:39 +0000
committerDerek Buitenhuis <derek.buitenhuis@gmail.com>2022-11-07 16:13:45 +0000
commitd1366c41672f8767fa124b43e49d2d0ae7e776db (patch)
tree73d3ff321563023780f8b17dad07471c639aae66
parent202b7a9ae7be232a819acee666ed7b9835fd67ff (diff)
downloadffmpeg-d1366c41672f8767fa124b43e49d2d0ae7e776db.tar.gz
fftools/ffprobe: Loop over correct number of streams when flushing decoders
Some formats like FLV can dynamically add streams during packet reading. FFprobe does check for this and reallocates the global stream info, but does not reallocate InputFrame's streams and decoders when this happens, which, as a result, could have caused flushing to occur on an out of bounds stream index, since the flush loop iterates over fmt_ctx's nb_streams, and not ifile's, despite using ifile's streams. This fixes an out of bounds read and segfult. Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
-rw-r--r--fftools/ffprobe.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fftools/ffprobe.c b/fftools/ffprobe.c
index 9b7e82fd8c..99adf615ae 100644
--- a/fftools/ffprobe.c
+++ b/fftools/ffprobe.c
@@ -2893,7 +2893,7 @@ static int read_interval_packets(WriterContext *w, InputFile *ifile,
}
av_packet_unref(pkt);
//Flush remaining frames that are cached in the decoder
- for (i = 0; i < fmt_ctx->nb_streams; i++) {
+ for (i = 0; i < ifile->nb_streams; i++) {
pkt->stream_index = i;
if (do_read_frames) {
while (process_frame(w, ifile, frame, pkt, &(int){1}) > 0);