[FFmpeg-devel] [PATCH] libavformat/mov: Fix NULL-dereference read for some encrypted content.
Jacob Trimble
modmaker at google.com
Thu Dec 20 02:00:22 EET 2018
When reading frames, we need to use the fragment for the correct
stream. Sometimes the "current" fragment is not the same as the one
the frame is for.
Found by Chromium's ClusterFuzz:
https://crbug.com/906392 and https://crbug.com/915524
Signed-off-by: Jacob Trimble <modmaker at google.com>
---
libavformat/mov.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index fb95fd2fef..cefdedb1bd 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -6561,14 +6561,14 @@ static int cenc_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *s
return 0;
}
-static int cenc_filter(MOVContext *mov, MOVStreamContext *sc, AVPacket *pkt, int current_index)
+static int cenc_filter(MOVContext *mov, AVStream* st, MOVStreamContext *sc, AVPacket *pkt, int current_index)
{
MOVFragmentStreamInfo *frag_stream_info;
MOVEncryptionIndex *encryption_index;
AVEncryptionInfo *encrypted_sample;
int encrypted_index, ret;
- frag_stream_info = get_current_frag_stream_info(&mov->frag_index);
+ frag_stream_info = get_frag_stream_info(&mov->frag_index, mov->frag_index.current, st->id);
encrypted_index = current_index;
encryption_index = NULL;
if (frag_stream_info) {
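Review bot: The new lookup in `cenc_filter` still passes `mov->frag_index.current` as the fragment, so only the stream selection changes (via `st->id`), while the description says the current fragment itself may not be the one the frame belongs to. If a packet from an earlier fragment can reach this point, `current_index` would presumably be resolved against another fragment's encryption index; confirm that this cannot happen, or that the fallback taken when `frag_stream_info` is NULL covers it. A short comment above the call would record the intent, e.g. `/* Use the fragment info of this packet's stream, not the index's current stream. */`. The new parameter is written `AVStream* st`, whereas the rest of the signature binds the `*` to the name (`AVStream *st`). The function body continues past the end of this hunk, so the handling after the `if` is not visible here.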
@@ -7798,7 +7798,7 @@ static int mov_read_packet(AVFormatContext *s, AVPacket *pkt)
if (mov->aax_mode)
aax_filter(pkt->data, pkt->size, mov);
- ret = cenc_filter(mov, sc, pkt, current_index);
+ ret = cenc_filter(mov, st, sc, pkt, current_index);
if (ret < 0)
return ret;
--
2.20.1.415.g653613c723-goog