From 92c8b79b5acc06ec608b4c5a2b1ff428dfa1a810 Mon Sep 17 00:00:00 2001 From: Andreas Rheinhardt Date: Sun, 6 Sep 2020 13:24:03 +0200 Subject: [PATCH] avformat/segment: Don't overwrite AVCodecParameters after init The segment muxer copies the user-provided AVCodecParameters to the newly created child streams in its init function before initializing the child muxer; and since commit 8e6478b723affe4d44f94d34b98e0c47f6a0b411, it does this again before calling avformat_write_header() if that is called from seg_write_header(). The reason for this is complicated: At that time writing the header was delayed, i.e. it was not triggered by avformat_write_header() (unless the AVFMT_FLAG_AUTO_BSF was unset), but instead by writing the very first packet. The rationale behind this was to allow to run bitstream filters on the packets in the interleavement queue in order to generate missing extradata from them before the muxer's write_header function is actually called. The segment muxer went even further: It initialized the child muxer and ran the child muxer's check_bitstream functions on the packets in its own muxing queue and stole any bitstream filters that got inserted. The reason for this is that the segment muxer has an option to write the header to a separate file and for this it is needed to write the child muxer's header without delay, but with correct extradata. Unsetting AVFMT_FLAG_AUTO_BSF for the child muxer accomplished the first goal and stealing the bitstream filters the second; and in order for the child muxer to actually use the updated extradata, the old AVCodecParameters (set before avformat_init_output()) were overwritten with the new ones. Updating the extradata proceeded as follows: The bitstream filter itself simply updated the AVBSFContext's par_out when processing a packet, in violation of the new BSF API (where par_out may only be set in the init function); the muxing code then simply forwarded the updated extradata, overwriting the par_in of the next BSF in the BSF chain with the fresh par_out of the last one and the AVStream's par with the par_out of the last BSF. This was an API violation, too, of course, but it made remuxing ADTS AAC into mp4/matroska work. But this no longer serves a useful purpose since the aac_adtstoasc BSF was updated to propagate new extradata via packet side data in commit f63c3516577d605e51cf16358cbdfa0bc97565d8; the next commit then removed the code in mux.c passing new extradata along the filter chain. This alone justifies removing the code for setting the AVCodecParameters a second time. But there is even another reason to do so: It is harmful. The ogg muxer parses the extradata of Theora and Vorbis in its init function and keeps pointers to parts of it. Said pointers become dangling when the extradata is overwritten by the segment muxer, leading to use-after-frees as has happened in ticket #8881 which this commit fixes. Ticket #8517 is about another issue caused by this: Immediately after having overwritten the old AVCodecParameters the segment muxer checks whether the codec_tag is ok (the codec_tag is set generically when initializing the child muxer based upon muxer-specific lists). The check used is: If the child output format has such a list and if the codec tag of the non-child stream does not match the codec id given the list of codec tags and if there is a match for the codec id in the codec tag list, then set the codec tag to zero (and not to the existing match), otherwise set the codec tag of the child stream to the codec tag of the corresponding stream of the main AVFormatContext (which is btw redundant given that the child AVCodecParameters have just been overwritten with the AVCodecParameters of the corresponding stream of the main AVFormatContext). Reviewed-by: Ridley Combs Signed-off-by: Andreas Rheinhardt --- libavformat/segment.c | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/libavformat/segment.c b/libavformat/segment.c index f67456fa57..0c9b93725d 100644 --- a/libavformat/segment.c +++ b/libavformat/segment.c @@ -817,26 +817,9 @@ static int seg_write_header(AVFormatContext *s) { SegmentContext *seg = s->priv_data; AVFormatContext *oc = seg->avf; - int ret, i; + int ret; if (!seg->header_written) { - for (i = 0; i < s->nb_streams; i++) { - AVStream *st = oc->streams[i]; - AVCodecParameters *ipar, *opar; - - ipar = s->streams[i]->codecpar; - opar = oc->streams[i]->codecpar; - avcodec_parameters_copy(opar, ipar); - if (!oc->oformat->codec_tag || - av_codec_get_id (oc->oformat->codec_tag, ipar->codec_tag) == opar->codec_id || - av_codec_get_tag(oc->oformat->codec_tag, ipar->codec_id) <= 0) { - opar->codec_tag = ipar->codec_tag; - } else { - opar->codec_tag = 0; - } - st->sample_aspect_ratio = s->streams[i]->sample_aspect_ratio; - st->time_base = s->streams[i]->time_base; - } ret = avformat_write_header(oc, NULL); if (ret < 0) return ret;