[FFmpeg-devel] [PATCH v2 5/5] avformat/chromaprint: Avoid null pointer dereference
Andriy Gelman
andriy.gelman at gmail.com
Sun Oct 6 16:23:34 EEST 2019
On Sun, 06. Oct 13:56, Paul B Mahol wrote:
> On 10/6/19, Andriy Gelman <andriy.gelman at gmail.com> wrote:
> > On Sun, 06. Oct 01:49, Andriy Gelman wrote:
> >> From: Andriy Gelman <andriy.gelman at gmail.com>
> >>
> >> As of commit 21b2442f in the chromaprint library, selecting "-algorithm 2"
> >> via the ffmpeg cli creates a null pointer dereference. This can be
> >> replicated by:
> >> ./ffmpeg -f lavfi -i sine=d=20,asetnsamples=n=1000 -f chromaprint
> >> -algorithm 2 -
> >>
> >> Until this issue is resolved, this commit makes ffmpeg output an error when
> >> "-algorithm 2" is selected for chromaprint versions > 1.2.0.
> >> ---
> >> libavformat/chromaprint.c | 7 +++++++
> >> 1 file changed, 7 insertions(+)
> >>
> >> diff --git a/libavformat/chromaprint.c b/libavformat/chromaprint.c
> >> index faa92ca0db..3ecce3e08a 100644
> >> --- a/libavformat/chromaprint.c
> >> +++ b/libavformat/chromaprint.c
> >> @@ -70,6 +70,13 @@ static int write_header(AVFormatContext *s)
> >> return AVERROR(ENOMEM);
> >> }
> >>
> >> +#if CPR_VERSION_INT > AV_VERSION_INT(1, 2, 0)
> >> + if (cpr->algorithm == CHROMAPRINT_ALGORITHM_TEST3) {
> >> + av_log(s, AV_LOG_ERROR, "Algorithm 2 cannot be used with
> >> chromaprint version > 1.2.0 because of a bug in the chromaprint
> >> library\n");
> >> + goto fail;
> >> + }
> >> +#endif
> >> +
> >> if (cpr->silence_threshold != -1) {
> >> #if CPR_VERSION_INT >= AV_VERSION_INT(0, 7, 0)
> >> if (!chromaprint_set_option(cpr->ctx, "silence_threshold",
> >> cpr->silence_threshold)) {
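Review bot: the new `goto fail;` in the `CHROMAPRINT_ALGORITHM_TEST3` branch does not set a return value in the visible lines, unlike the preceding `return AVERROR(ENOMEM);` path, so unless the `fail:` label (outside this hunk) already returns a meaningful error, the caller may get a misleading code; consider an explicit `return AVERROR(EINVAL);` here, or assign the error before the jump, so the refusal is reported as an invalid option rather than whatever `fail` happens to return. Also worth noting that the gate `CPR_VERSION_INT > AV_VERSION_INT(1, 2, 0)` has no upper bound, so the error will keep firing even after chromaprint ships a fixed release; a comment pointing at the upstream bug report would make it clear when the block can be dropped.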
> >> --
> >> 2.23.0
> >>
> >
> > The seg fault actually occurs in libavcodec/avfft.c in the
> > av_rdft_calc(RDFTContext *s, FFTSample *data) function, where chromaprint
> > lib parses an uninitialized context s=NULL.
> >
> > Is it worth submitting a patch where contexts are checked before
> > dereferencing in avfft.c?
>
> No, fix chromaprint instead, it's very buggy.
ok, I submitted a bug report on their github page.
--
Andriy