[FFmpeg-devel] [PATCH 1/2] avformat/oggparsevorbis: Update context on double init

Paul B Mahol onemda at gmail.com
Tue Apr 7 11:55:39 EEST 2020


On 4/6/20, Michael Niedermayer <michael at niedermayer.cc> wrote:
> On Mon, Apr 06, 2020 at 12:00:21PM +0200, Anton Khirnov wrote:
>> Quoting Michael Niedermayer (2020-04-05 00:38:41)
>> > Fixes: memleak
>>
>> Memleak of what/where/why? This is highly non-obvious.
>
> Yes, I tend to be terse on "security" fixes so as not to provide a
> "how to exploit".
>
> What leaks is the AVVorbisParseContext; it leaks as there is no check for it
> being already allocated.
> I attempted to add such a check but that was rejected by Paul with no
> further comment.
> See: 0113 10:59 To FFmpeg devel (1,4K) [FFmpeg-devel] [PATCH]
> avformat/oggparsevorbis: Error out on double init of vp
>
> This patch works around that by preventing the demuxer-allocated extradata
> from being replaced by the NULL extradata from the decoder.
> As there is a check for double allocating the extradata, that will also
> protect from AVVorbisParseContext double allocation.
>
> That said, the whole back and forth copying of parameters we have in
> libavformat nowadays is not pretty, and every time I look at it, it
> feels fragile. I am a bit surprised this doesn't cause more problems.
>
> There are of course other ways to fix this; I did tend towards a
> simple, (hopefully) easy to backport fix.
>
> What do you prefer?

I rejected the patch, because Lynee reported over IRC, which you
thankfully completely ignored, a bug that stops playing files.

>
> Thanks
>
> [...]
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Does the universe only have a finite lifespan? No, it's going to go on
> forever, it's just that you won't like living in it. -- Hiranya Peiri
>

