[FFmpeg-devel] [PATCH] avformat/mov: Allow saio/saiz in clear content.

[Jacob Trimble]

If there is a saio/saiz in clear content, we shouldn't create the
encryption index if we don't already have one.  Otherwise it will
confuse the cenc_filter.

Found by Chromium's ClusterFuzz: https://crbug.com/873432

Signed-off-by: Jacob Trimble <modmaker at google.com>
---
 libavformat/mov.c | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index c863047d79..50bc1cab4b 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5828,7 +5828,7 @@ static int mov_read_frma(MOVContext *c, AVIOContext *pb, MOVAtom atom)
  * info for this fragment; otherwise this will return the global encryption
  * info for the current stream.
  */
-static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encryption_index, MOVStreamContext **sc)
+static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encryption_index, MOVStreamContext **sc, int create)
 {
     MOVFragmentStreamInfo *frag_stream_info;
     AVStream *st;
@@ -5847,9 +5847,13 @@ static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encry
         *sc = st->priv_data;
 
         if (!frag_stream_info->encryption_index) {
-            frag_stream_info->encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
-            if (!frag_stream_info->encryption_index)
-                return AVERROR(ENOMEM);
+            if (create) {
+                frag_stream_info->encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
+                if (!frag_stream_info->encryption_index)
+                    return AVERROR(ENOMEM);
+            } else {
+                return 0;
+            }
         }
         *encryption_index = frag_stream_info->encryption_index;
         return 1;
@@ -5862,9 +5866,13 @@ static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encry
         *sc = st->priv_data;
 
         if (!(*sc)->cenc.encryption_index) {
-            (*sc)->cenc.encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
-            if (!(*sc)->cenc.encryption_index)
-                return AVERROR(ENOMEM);
+            if (create) {
+                (*sc)->cenc.encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
+                if (!(*sc)->cenc.encryption_index)
+                    return AVERROR(ENOMEM);
+            } else {
+                return 0;
+            }
         }
 
         *encryption_index = (*sc)->cenc.encryption_index;
@@ -5931,7 +5939,7 @@ static int mov_read_senc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     int use_subsamples, ret;
     unsigned int sample_count, i, alloc_size = 0;
 
-    ret = get_current_encryption_info(c, &encryption_index, &sc);
+    ret = get_current_encryption_info(c, &encryption_index, &sc, /* create */ 1);
     if (ret != 1)
         return ret;
 
@@ -6078,7 +6086,7 @@ static int mov_read_saiz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     int ret;
     unsigned int sample_count, aux_info_type, aux_info_param;
 
-    ret = get_current_encryption_info(c, &encryption_index, &sc);
+    ret = get_current_encryption_info(c, &encryption_index, &sc, /* create */ 0);
     if (ret != 1)
         return ret;
 
@@ -6152,7 +6160,7 @@ static int mov_read_saio(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     unsigned int version, entry_count, aux_info_type, aux_info_param;
     unsigned int alloc_size = 0;
 
-    ret = get_current_encryption_info(c, &encryption_index, &sc);
+    ret = get_current_encryption_info(c, &encryption_index, &sc, /* create */ 0);
     if (ret != 1)
         return ret;
 
-- 
2.18.0.865.gffc8e1a3cd6-goog