[FFmpeg-devel] [PATCH 1/2] avformat/oggparsevorbis: Update context on double init

Michael Niedermayer michael at niedermayer.cc
Mon Apr 6 16:15:17 EEST 2020


On Mon, Apr 06, 2020 at 12:00:21PM +0200, Anton Khirnov wrote:
> Quoting Michael Niedermayer (2020-04-05 00:38:41)
> > Fixes: memleak
> 
> Memleak of what/where/why? This is highly non-obvious.

Yes, I tend to be terse on "security" fixes so as not to provide a
"how to exploit".

What leaks is the AVVorbisParseContext; it leaks as there is no check for it
being already allocated.
I attempted to add such a check but that was rejected by Paul with no further
comment.
See: 0113 10:59 To FFmpeg devel (1,4K) [FFmpeg-devel] [PATCH] avformat/oggparsevorbis: Error out on double init of vp

This patch works around that by preventing the demuxer-allocated extradata
from being replaced by the NULL extradata from the decoder.
As there is a check for double allocating the extradata, that will also
protect from AVVorbisParseContext double allocation.

That said, the whole back and forth copying of parameters we have in
libavformat nowadays is not pretty and every time I look at it, it
feels fragile. I am a bit surprised this doesn't cause more problems.

There are of course other ways to fix this; I did tend towards a
simple, (hopefully) easy to backport fix.

What do you prefer?

Thanks

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Does the universe only have a finite lifespan? No, it's going to go on
forever, it's just that you won't like living in it. -- Hiranya Peiri
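
The reasoning in the message above, as an added toy model in C; it is not FFmpeg code and not part of the original mail. The names `struct stream`, `header_init`, `copy_back` and `run` are hypothetical, and the counting allocator exists only to make the leak visible.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy model, not FFmpeg code: every name here is hypothetical. */
static int live_allocs;                       /* outstanding allocations */
static void *xalloc(size_t n) { live_allocs++; return calloc(1, n); }
static void xfree(void *p)    { if (p) { live_allocs--; free(p); } }
struct stream {
    unsigned char *extradata;   /* built by the demuxer from the headers */
    void *parse_ctx;            /* stands in for the parser context */
};

/* Header setup: the only double-init guard is "extradata already set?". */
static int header_init(struct stream *st)
{
    if (st->extradata)
        return 0;                       /* double init: nothing to do */
    st->extradata = xalloc(16);
    st->parse_ctx = xalloc(64);         /* overwrites any old pointer */
    return 1;
}

/* Copy-back of decoder-side parameters whose extradata is NULL.
 * keep=0 replaces the demuxer buffer with NULL, keep=1 preserves it. */
static void copy_back(struct stream *st, int keep)
{
    if (keep && st->extradata)
        return;
    xfree(st->extradata);
    st->extradata = NULL;
}

/* init, copy-back, second init, teardown; returns leaked allocations. */
static int run(int keep)
{
    struct stream st = {0};
    live_allocs = 0;
    header_init(&st);
    copy_back(&st, keep);
    header_init(&st);                   /* second set of headers arrives */
    xfree(st.extradata);
    xfree(st.parse_ctx);
    return live_allocs;
}

int main(void)
{
    printf("replaced: %d leaked, kept: %d leaked\n", run(0), run(1));
    return 0;
}
```

With the buffer replaced by NULL the guard in `header_init` no longer fires, so the second call overwrites `parse_ctx` and the first context is lost; keeping the buffer lets the existing guard cover both allocations.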