[FFmpeg-devel] [PATCH 1/3] avformat/mov: Increase support for common encryption.

Jacob Trimble modmaker at google.com
Thu Jan 11 03:08:09 EET 2018


On Wed, Jan 10, 2018 at 1:51 PM, Michael Niedermayer
<michael at niedermayer.cc> wrote:
> [...]
>
> This causes a crash:
>
> =================================================================
> ==4012==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000eb78 at pc 0x000000a944aa bp 0x7ffcd481ce70 sp 0x7ffcd481ce68
> READ of size 8 at 0x60200000eb78 thread T0
>     #0 0xa944a9 in mov_free_encryption_index ffmpeg/libavformat/mov.c:6615:20
>     #1 0xa6fb2b in mov_read_close ffmpeg/libavformat/mov.c:6693:13
>     #2 0xa6d96f in mov_read_header ffmpeg/libavformat/mov.c:6867:13
>     #3 0xc4a6ed in avformat_open_input ffmpeg/libavformat/utils.c:613:20
>     #4 0x4db356 in open_input_file ffmpeg/fftools/ffmpeg_opt.c:1069:11
>     #5 0x4da0e7 in open_files ffmpeg/fftools/ffmpeg_opt.c:3202:15
>     #6 0x4d9d98 in ffmpeg_parse_options ffmpeg/fftools/ffmpeg_opt.c:3242:11
>     #7 0x50e98c in main ffmpeg/fftools/ffmpeg.c:4813:11
>     #8 0x7f9cf833cf44 in __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:287
>     #9 0x420da5 in _start (ffmpeg/ffmpeg_g+0x420da5)
>
> 0x60200000eb78 is located 4 bytes to the right of 4-byte region [0x60200000eb70,0x60200000eb74)
> allocated by thread T0 here:
>     #0 0x4b126e in realloc (ffmpeg/ffmpeg_g+0x4b126e)
>     #1 0x218bbfe in av_strdup ffmpeg/libavutil/mem.c:256:15
>     #2 0x215eec1 in av_dict_set ffmpeg/libavutil/dict.c:87:22
>     #3 0x215f6e2 in av_dict_set_int ffmpeg/libavutil/dict.c:153:12
>     #4 0xa7644c in mov_read_ftyp ffmpeg/libavformat/mov.c:1109:5
>     #5 0xa6b153 in mov_read_default ffmpeg/libavformat/mov.c:6327:23
>     #6 0xa6c543 in mov_read_header ffmpeg/libavformat/mov.c:6865:20
>     #7 0xc4a6ed in avformat_open_input ffmpeg/libavformat/utils.c:613:20
>     #8 0x4db356 in open_input_file ffmpeg/fftools/ffmpeg_opt.c:1069:11
>     #9 0x4da0e7 in open_files ffmpeg/fftools/ffmpeg_opt.c:3202:15
>     #10 0x4d9d98 in ffmpeg_parse_options ffmpeg/fftools/ffmpeg_opt.c:3242:11
>     #11 0x50e98c in main ffmpeg/fftools/ffmpeg.c:4813:11
>     #12 0x7f9cf833cf44 in __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:287
>
> The input file should be here:
> https://bugs.chromium.org/p/chromium/issues/attachment?aid=177545

Fixed.

>
> [...]
>
> --
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Many things microsoft did are stupid, but not doing something just because
> microsoft did it is even more stupid. If everything ms did were stupid they
> would be bankrupt already.
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-avformat-mov-Increase-support-for-v4.patch
Type: text/x-patch
Size: 34681 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20180110/65ebc78b/attachment.bin>
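Added example, not code from the patch or from FFmpeg (the v4 patch is only a scrubbed attachment here, so what actually went wrong in mov_free_encryption_index is not visible on this page). It models, in constructed C, the shape the ASan report above has: frame #0 is a free routine reached via mov_read_close from the mov_read_header error path, the fault is a READ of size 8 (one pointer on LP64), and the "allocated by" stack is unrelated to encryption at all (av_strdup under av_dict_set in mov_read_ftyp). One common way to get that combination is a cleanup routine walking state that the parser never finished initialising; the example puts that buggy shape next to a hardened one (zero the index on allocation, grow the array before bumping the count, NULL the owner's pointer on free so a second close is a no-op) without claiming this is what happened in mov.c. Every name in it (enc_index, read_header_buggy, open_and_close_fixed, the "ftyp"/"moov" inputs) is made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a per-track encryption index (not FFmpeg's type). */
typedef struct enc_index {
    int        nb_entries;
    uint32_t **entries;                 /* one heap block per entry */
} enc_index;

/* Buggy shape: malloc() leaves the fields indeterminate and the early reject
 * returns before they are set, so the close path inherits garbage. */
static int read_header_buggy(enc_index **pidx, const uint8_t *box, size_t len)
{
    *pidx = malloc(sizeof(**pidx));
    if (!*pidx || len < 4 || memcmp(box, "ftyp", 4) != 0)
        return -1;                      /* index left half-built */
    (*pidx)->nb_entries = 0;
    (*pidx)->entries    = NULL;
    return 0;
}

/* Loop bound and entries are garbage: whichever of the entries[i] READ or the
 * free(entries) trips first, the sanitizer blames this frame, not the parser. */
static void free_index_buggy(enc_index *idx)
{
    if (!idx) return;
    for (int i = 0; i < idx->nb_entries; i++)
        free(idx->entries[i]);
    free(idx->entries);
    free(idx);
}

/* Hardened shape: zeroed on allocation, so every exit leaves a consistent
 * (possibly empty) index for the close path. */
static int read_header_fixed(enc_index **pidx, const uint8_t *box, size_t len)
{
    *pidx = calloc(1, sizeof(**pidx));
    return (!*pidx || len < 4 || memcmp(box, "ftyp", 4) != 0) ? -1 : 0;
}

/* Grow first, bump the count only once the entry exists: nb_entries never
 * claims more pointers than entries[] holds. */
static int add_entry_fixed(enc_index *idx, uint32_t value)
{
    size_t     n     = (size_t)idx->nb_entries + 1;
    uint32_t **grown = realloc(idx->entries, n * sizeof(*grown));
    if (!grown) return -1;
    idx->entries = grown;
    uint32_t *e = malloc(sizeof(*e));
    if (!e) return -1;
    *e = value;
    idx->entries[idx->nb_entries++] = e;
    return 0;
}

/* Frees, NULLs the caller's pointer (a repeat close is a no-op), returns count. */
static int free_index_fixed(enc_index **pidx)
{
    enc_index *idx = *pidx;
    if (!idx) return 0;
    int n = idx->nb_entries;
    for (int i = 0; i < n; i++)
        free(idx->entries[i]);
    free(idx->entries);
    free(idx);
    *pidx = NULL;
    return n;
}

/* Mirrors open_input -> read_header -> read_close: -1 header rejected and the
 * (deliberately doubled) close was clean, -2 dangling pointer survived,
 * otherwise the number of entries added and then freed. */
int open_and_close_fixed(const uint8_t *box, size_t len, int nb_add)
{
    enc_index *idx = NULL;
    if (read_header_fixed(&idx, box, len) < 0) {
        free_index_fixed(&idx);
        free_index_fixed(&idx);
        return idx ? -2 : -1;
    }
    for (int i = 0; i < nb_add; i++)
        if (add_entry_fixed(idx, (uint32_t)i) < 0)
            break;
    int freed = free_index_fixed(&idx);
    return idx ? -2 : freed;
}

int main(int argc, char **argv)
{
    static const uint8_t good[] = "ftyp", bad[] = "moov";   /* constructed input */
    printf("good header, 3 entries -> %d\n", open_and_close_fixed(good, 4, 3));
    printf("rejected header        -> %d\n", open_and_close_fixed(bad, 4, 3));
    if (argc > 1 && strcmp(argv[1], "buggy") == 0) {  /* opt-in: run under ASan */
        enc_index *idx = NULL;
        read_header_buggy(&idx, bad, 4);
        free_index_buggy(idx);
    }
    return 0;
}
```

Build with `cc -g -fsanitize=address` and run it with the argument `buggy` to have ASan report the fault inside free_index_buggy rather than in read_header_buggy, which is the same asymmetry the trace above shows (the crash frame is the cleanup, the interesting frame is whichever parser path left the state behind). Without an argument only the hardened path runs: the rejected header frees cleanly twice, and the accepted one frees exactly as many entries as were added.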