[FFmpeg-devel] [PATCH] avformat/mov: Allow saio/saiz in clear content.
Michael Niedermayer
michael at niedermayer.cc
Thu Aug 16 00:38:00 EEST 2018
On Tue, Aug 14, 2018 at 11:12:58AM -0700, Jacob Trimble wrote:
> On Tue, Aug 14, 2018 at 10:39 AM Jacob Trimble <modmaker at google.com> wrote:
> >
> > If there is a saio/saiz in clear content, we shouldn't create the
> > encryption index if we don't already have one. Otherwise it will
> > confuse the cenc_filter.
> >
> > Found by Chromium's ClusterFuzz: https://crbug.com/873432
> >
> > Signed-off-by: Jacob Trimble <modmaker at google.com>
> > ---
> > libavformat/mov.c | 28 ++++++++++++++++++----------
> > 1 file changed, 18 insertions(+), 10 deletions(-)
> >
> > diff --git a/libavformat/mov.c b/libavformat/mov.c
> > index c863047d79..50bc1cab4b 100644
> > --- a/libavformat/mov.c
> > +++ b/libavformat/mov.c
> > @@ -5828,7 +5828,7 @@ static int mov_read_frma(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> > * info for this fragment; otherwise this will return the global encryption
> > * info for the current stream.
> > */
> > -static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encryption_index, MOVStreamContext **sc)
> > +static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encryption_index, MOVStreamContext **sc, int create)
> > {
> > MOVFragmentStreamInfo *frag_stream_info;
> > AVStream *st;
> > @@ -5847,9 +5847,13 @@ static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encry
> > *sc = st->priv_data;
> >
> > if (!frag_stream_info->encryption_index) {
> > - frag_stream_info->encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
> > - if (!frag_stream_info->encryption_index)
> > - return AVERROR(ENOMEM);
> > + if (create) {
> > + frag_stream_info->encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
> > + if (!frag_stream_info->encryption_index)
> > + return AVERROR(ENOMEM);
> > + } else {
> > + return 0;
> > + }
> > }
> > *encryption_index = frag_stream_info->encryption_index;
> > return 1;
> > @@ -5862,9 +5866,13 @@ static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encry
> > *sc = st->priv_data;
> >
> > if (!(*sc)->cenc.encryption_index) {
> > - (*sc)->cenc.encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
> > - if (!(*sc)->cenc.encryption_index)
> > - return AVERROR(ENOMEM);
> > + if (create) {
> > + (*sc)->cenc.encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
> > + if (!(*sc)->cenc.encryption_index)
> > + return AVERROR(ENOMEM);
> > + } else {
> > + return 0;
> > + }
> > }
> >
> > *encryption_index = (*sc)->cenc.encryption_index;
> > @@ -5931,7 +5939,7 @@ static int mov_read_senc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> > int use_subsamples, ret;
> > unsigned int sample_count, i, alloc_size = 0;
> >
> > - ret = get_current_encryption_info(c, &encryption_index, &sc);
> > + ret = get_current_encryption_info(c, &encryption_index, &sc, /* create */ 1);
> > if (ret != 1)
> > return ret;
> >
> > @@ -6078,7 +6086,7 @@ static int mov_read_saiz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> > int ret;
> > unsigned int sample_count, aux_info_type, aux_info_param;
> >
> > - ret = get_current_encryption_info(c, &encryption_index, &sc);
> > + ret = get_current_encryption_info(c, &encryption_index, &sc, /* create */ 0);
> > if (ret != 1)
> > return ret;
> >
> > @@ -6152,7 +6160,7 @@ static int mov_read_saio(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> > unsigned int version, entry_count, aux_info_type, aux_info_param;
> > unsigned int alloc_size = 0;
> >
> > - ret = get_current_encryption_info(c, &encryption_index, &sc);
> > + ret = get_current_encryption_info(c, &encryption_index, &sc, /* create */ 0);
> > if (ret != 1)
> > return ret;
> >
> > --
> > 2.18.0.865.gffc8e1a3cd6-goog
> >
>
> After thinking of this more, this was the incorrect fix. Attached is
> the correct fix.
> mov.c | 6 ++++++
> 1 file changed, 6 insertions(+)
> 0e583b4ad11852ce38a2b945644e178b7f13a42f 0001-avformat-mov-Allow-saio-saiz-in-clear-content-v2.patch
> From 256880aca517f64257eb28342a656867d90307a7 Mon Sep 17 00:00:00 2001
> From: Jacob Trimble <modmaker at google.com>
> Date: Tue, 14 Aug 2018 10:18:55 -0700
> Subject: [PATCH] avformat/mov: Allow saio/saiz in clear content.
This code is used in saio/saiz/senc. The message only mentions the first
2.
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Whats the most studid thing your enemy could do ? Blow himself up
Whats the most studid thing you could do ? Give up your rights and
freedom because your enemy blew himself up.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20180815/48d291a1/attachment.sig>
More information about the ffmpeg-devel
mailing list