RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-02-28 17:51:05 +00:00
Code Issues Projects Releases Wiki Activity

libavformat/mov: Fix NULL-dereference read for some encrypted content.

Browse Source 
When reading frames, we need to use the fragment for the correct
stream.  Sometimes the "current" fragment is not the same as the one
the frame is for.

Found by Chromium's ClusterFuzz:
https://crbug.com/906392 and https://crbug.com/915524

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Jacob Trimble 2018-12-19 16:00:22 -08:00 committed by Michael Niedermayer
parent 064f9505f4
commit 555f332e7a
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavformat/mov.c
View File

@ -6557,14 +6557,14 @@ static int cenc_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *s
return 0;
}
static int cenc_filter(MOVContext *mov, MOVStreamContext *sc, AVPacket *pkt, int current_index)
static int cenc_filter(MOVContext *mov, AVStream* st, MOVStreamContext *sc, AVPacket *pkt, int current_index)
{
MOVFragmentStreamInfo *frag_stream_info;
MOVEncryptionIndex *encryption_index;
AVEncryptionInfo *encrypted_sample;
int encrypted_index, ret;
frag_stream_info = get_current_frag_stream_info(&mov->frag_index);
frag_stream_info = get_frag_stream_info(&mov->frag_index, mov->frag_index.current, st->id);
encrypted_index = current_index;
encryption_index = NULL;
if (frag_stream_info) {
@ -7794,7 +7794,7 @@ static int mov_read_packet(AVFormatContext *s, AVPacket *pkt)
if (mov->aax_mode)
aax_filter(pkt->data, pkt->size, mov);
ret = cenc_filter(mov, sc, pkt, current_index);
ret = cenc_filter(mov, st, sc, pkt, current_index);
if (ret < 0)
return ret;