[FFmpeg-devel] [PATCH 1/2] avcodec/wrapped_avframe: implement wrapped_avframe decoder
Muhammad Faiz
mfcc64 at gmail.com
Mon Nov 9 18:02:21 CET 2015
On Mon, Nov 9, 2015 at 8:22 AM, wm4 <nfxjfg at googlemail.com> wrote:
> On Mon, 9 Nov 2015 08:03:54 -0800
> Muhammad Faiz <mfcc64 at gmail.com> wrote:
>
>> From 4dcbda2e585404d2d79d5afcdc13fcb699f6f158 Mon Sep 17 00:00:00 2001
>> From: Muhammad Faiz <mfcc64 at gmail.com>
>> Date: Mon, 9 Nov 2015 15:55:13 +0700
>> Subject: [PATCH 1/2] avcodec/wrapped_avframe: implement wrapped_avframe
>> decoder
>>
>> fix ticket #4985
>> for use in avdevice/lavfi
>> ---
>> libavcodec/Makefile | 1 +
>> libavcodec/allcodecs.c | 2 +-
>> libavcodec/version.h | 2 +-
>> libavcodec/wrapped_avframe.c | 32 ++++++++++++++++++++++++++++++++
>> 4 files changed, 35 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavcodec/Makefile b/libavcodec/Makefile
>> index 68a573f..c60d512 100644
>> --- a/libavcodec/Makefile
>> +++ b/libavcodec/Makefile
>> @@ -577,6 +577,7 @@ OBJS-$(CONFIG_WMV2_ENCODER) += wmv2enc.o wmv2.o \
>> msmpeg4.o msmpeg4enc.o msmpeg4data.o
>> OBJS-$(CONFIG_WNV1_DECODER) += wnv1.o
>> OBJS-$(CONFIG_WS_SND1_DECODER) += ws-snd1.o
>> +OBJS-$(CONFIG_WRAPPED_AVFRAME_DECODER) += wrapped_avframe.o
>> OBJS-$(CONFIG_WRAPPED_AVFRAME_ENCODER) += wrapped_avframe.o
>> OBJS-$(CONFIG_XAN_DPCM_DECODER) += dpcm.o
>> OBJS-$(CONFIG_XAN_WC3_DECODER) += xan.o
>> diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c
>> index 9f60d7c..3260927 100644
>> --- a/libavcodec/allcodecs.c
>> +++ b/libavcodec/allcodecs.c
>> @@ -342,7 +342,7 @@ void avcodec_register_all(void)
>> REGISTER_DECODER(VP9, vp9);
>> REGISTER_DECODER(VQA, vqa);
>> REGISTER_DECODER(WEBP, webp);
>> - REGISTER_ENCODER(WRAPPED_AVFRAME, wrapped_avframe);
>> + REGISTER_ENCDEC (WRAPPED_AVFRAME, wrapped_avframe);
>> REGISTER_ENCDEC (WMV1, wmv1);
>> REGISTER_ENCDEC (WMV2, wmv2);
>> REGISTER_DECODER(WMV3, wmv3);
>> diff --git a/libavcodec/version.h b/libavcodec/version.h
>> index 1e21f15..5eecf5b 100644
>> --- a/libavcodec/version.h
>> +++ b/libavcodec/version.h
>> @@ -29,7 +29,7 @@
>> #include "libavutil/version.h"
>>
>> #define LIBAVCODEC_VERSION_MAJOR 57
>> -#define LIBAVCODEC_VERSION_MINOR 15
>> +#define LIBAVCODEC_VERSION_MINOR 16
>> #define LIBAVCODEC_VERSION_MICRO 100
>>
>> #define LIBAVCODEC_VERSION_INT AV_VERSION_INT(LIBAVCODEC_VERSION_MAJOR, \
>> diff --git a/libavcodec/wrapped_avframe.c b/libavcodec/wrapped_avframe.c
>> index 13c8d8a..185a1a2 100644
>> --- a/libavcodec/wrapped_avframe.c
>> +++ b/libavcodec/wrapped_avframe.c
>> @@ -32,6 +32,8 @@
>> #include "libavutil/buffer.h"
>> #include "libavutil/pixdesc.h"
>>
>> +#if CONFIG_WRAPPED_AVFRAME_ENCODER
>> +
>> static void wrapped_avframe_release_buffer(void *unused, uint8_t *data)
>> {
>> AVFrame *frame = (AVFrame *)data;
>> @@ -71,3 +73,33 @@ AVCodec ff_wrapped_avframe_encoder = {
>> .encode2 = wrapped_avframe_encode,
>> .caps_internal = FF_CODEC_CAP_INIT_THREADSAFE,
>> };
>> +
>> +#endif
>> +
>> +#if CONFIG_WRAPPED_AVFRAME_DECODER
>> +
>> +static int wrapped_avframe_decode(AVCodecContext *avctx, void *data,
>> + int *got_frame, AVPacket *avpkt)
>> +{
>> + int ret;
>> +
>> + if (avpkt->size != sizeof(AVFrame))
>> + return AVERROR(EINVAL);
>> +
>> + if ((ret = av_frame_ref((AVFrame *) data, (AVFrame *) avpkt->data)) < 0)
>> + return ret;
>> +
>> + *got_frame = 1;
>> + return avpkt->size;
>> +}
>> +
>> +AVCodec ff_wrapped_avframe_decoder = {
>> + .name = "wrapped_avframe",
>> + .long_name = NULL_IF_CONFIG_SMALL("AVFrame to AVPacket passthrough"),
>> + .type = AVMEDIA_TYPE_VIDEO,
>> + .id = AV_CODEC_ID_WRAPPED_AVFRAME,
>> + .decode = wrapped_avframe_decode,
>> + .caps_internal = FF_CODEC_CAP_INIT_THREADSAFE,
>> +};
>> +
>> +#endif
>
> This is very dangerous. You get potentially security relevant bad
> behavior if you get anyone to force a demuxer/decoder on an untrusted
> input file.
Yes, it is. The only check is packet size. But how can we be sure that
the underlying AVPacket contains proper AVFrame?
I think it can not, even with more checks. How can we check that
the buffer of AVFrame correctly point to memory? We can not check.
But as I know, the input file should be firstly demuxed, and the
only demuxer/device currently generate wrapped_avframe is
avdevice/lavfi (PATCH 2/2) which is trusted. Does FFmpeg allow
non wrapped_avframe packet be decoded
by wrapped_avframe decoder?
If it does not, I think this patch is safe.
If it does, of course this patch is unsafe. What is the solution?
Thank's.
More information about the ffmpeg-devel
mailing list