From patchwork Sat Jun 18 19:16:34 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 36320
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:1a22:b0:84:42e0:ad30 with SMTP id cj34csp810686pzb;
        Sat, 18 Jun 2022 12:16:51 -0700 (PDT)
X-Google-Smtp-Source: 
 AGRyM1ulR5Gq7oN77h4JFl3U5EB1VpbIoLqnOKCUB66Hr/nj0aMx6wh9HpjvbuesAbURD+bfjPxV
X-Received: by 2002:a17:907:a40e:b0:721:9b87:7096 with SMTP id
 sg14-20020a170907a40e00b007219b877096mr3075443ejc.285.1655579811020;
        Sat, 18 Jun 2022 12:16:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1655579811; cv=none;
        d=google.com; s=arc-20160816;
        b=R4X7PrItsKu+XMiBangrT5KvKr+ZUO09ZGVQiEMGKGawUbyU8E7VxjEq3aIBTuR4ll
         AglmCGq1S6WE3x3dkKIda0iygViqS9kpp/lv3lREPahxeKQLamPaSzYHC0Ux2rFqG2y9
         xhLnT0J+u2+oxc8DPO29bigNEKcgW3eZCXTxp76KTxPzWZCUoadgtoWn82gejO21zALL
         lf6VyUHJZS+uJUWQg3ySTgLBnlH5vzVmbR3y4LtRX4C04wxWyKKuMqe3qq0vIfrGWF1j
         x4CJy6kWMIJfM11Wzrd2AIAWHSB+ZuxvdNQraML6/jSXfeGrNAeAqT/rO7E0RslGggOe
         rThQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:message-id:date:to:from:delivered-to;
        bh=qFZxkm32VdTqpggHGoZRO3qkjDB/y3fBPUjYVoKrRIY=;
        b=UejIFH/3ZeWH7MIAt1uZYgxX6vsnVCjdA9i42a4mqpd74q2Cjnw3fwCQpWZfLkmMrg
         7BBw/MmvmQrOpz5Hre4atLtl3ALvdW6SUx6z0tAp4HFZL/aHjGkif97Shc75Ir2clH8F
         pnSV+FLqQMDRsH0YTrizIy1YY9J6rQrubSSQkkIw0YjlWb09Fe8WMITz5cQ0NfbFwcmo
         QHHXYsObRh+O4bVIiLNiqDRlcdCVlENK8FPdXBqvOY04YfXN1Ym4fgSDzSQzSbf/UfRw
         0jv7zBuT3Ts5UA9bDbUqTJozNzYHQIxe6asqh+GP9FWy+VWhUETXj1KAoQRcUfI2T6CP
         WE2w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 g21-20020a1709065d1500b0071210178d10si4648450ejt.741.2022.06.18.12.16.50;
        Sat, 18 Jun 2022 12:16:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 72BF368B41F;
	Sat, 18 Jun 2022 22:16:46 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from vie01a-dmta-at03-1.mx.upcmail.net
 (vie01a-dmta-at03-1.mx.upcmail.net [62.179.121.151])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id E8460689B6B
 for <ffmpeg-devel@ffmpeg.org>; Sat, 18 Jun 2022 22:16:39 +0300 (EEST)
Received: from [172.31.216.235] (helo=vie01a-pemc-psmtp-pe12.mail.upcmail.net)
 by vie01a-dmta-at03.mx.upcmail.net with esmtp (Exim 4.92)
 (envelope-from <michael@niedermayer.cc>) id 1o2dvy-002WM3-QA
 for ffmpeg-devel@ffmpeg.org; Sat, 18 Jun 2022 21:16:38 +0200
Received: from ren-mail-psmtp-mg01. ([80.109.253.241])
 by vie01a-pemc-psmtp-pe12.mail.upcmail.net with ESMTP
 id 2dvroXU2u8s8U2dvyokPu7; Sat, 18 Jun 2022 21:16:38 +0200
Received: from localhost ([213.47.68.29]) by ren-mail-psmtp-mg01. with ESMTP
 id 2dvxodUdDOPqF2dvxoqw1E; Sat, 18 Jun 2022 21:16:38 +0200
X-Env-Mailfrom: michael@niedermayer.cc
X-Env-Rcptto: ffmpeg-devel@ffmpeg.org
X-SourceIP: 213.47.68.29
X-CNFS-Analysis: v=2.4 cv=OcX7sjfY c=1 sm=1 tr=0 ts=62ae2496
 a=2hcxjKEKjp0CzLx6oWAm4g==:117 a=2hcxjKEKjp0CzLx6oWAm4g==:17
 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=GEAsPZ9sns4A:10 a=NEAV23lmAAAA:8
 a=e7X-CqB84J0Fa-SPJ20A:9
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sat, 18 Jun 2022 21:16:34 +0200
Message-Id: <20220618191637.16712-1-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
X-CMAE-Envelope: 
 MS4wfFTNH5w8RhbZEHxrVw7tAW41MrqPC5gCaRgh9W0/j7hZu1ixOJoRCcsokcVbXoaTCjCv9JVl/igE2bhWQ650ER5b6oylWgnMPwnfj0mALWz23pGDTl5N
 NkMcQ3mVgHbKOq7cHBEZqoho9gMXg32tw70waI0RFDG0G3HR0Sk1c/9uxB1dRPeVArfUTrJ1LPMjYw==
Subject: [FFmpeg-devel] [PATCH 1/4] avformat/mov: Avoid cloning encryption
 info if its unchanged
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: HnLLZ2xD1mNI

Fixes: OOM
Fixes: 45834/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5419540462305280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/mov.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 3ec0ea2361..c93e13c8cd 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -6187,9 +6187,12 @@ static int mov_read_sample_encryption_info(MOVContext *c, AVIOContext *pb, MOVSt
         return AVERROR_INVALIDDATA;
     }
 
-    *sample = av_encryption_info_clone(sc->cenc.default_encrypted_sample);
-    if (!*sample)
-        return AVERROR(ENOMEM);
+    if (sc->cenc.per_sample_iv_size || use_subsamples) {
+        *sample = av_encryption_info_clone(sc->cenc.default_encrypted_sample);
+        if (!*sample)
+            return AVERROR(ENOMEM);
+    } else
+        *sample = NULL;
 
     if (sc->cenc.per_sample_iv_size != 0) {
         if ((ret = ffio_read_size(pb, (*sample)->iv, sc->cenc.per_sample_iv_size)) < 0) {
@@ -7120,6 +7123,8 @@ static int cenc_filter(MOVContext *mov, AVStream* st, MOVStreamContext *sc, AVPa
         } else if (encrypted_index >= 0 && encrypted_index < encryption_index->nb_encrypted_samples) {
             // Per-sample setting override.
             encrypted_sample = encryption_index->encrypted_samples[encrypted_index];
+            if (!encrypted_sample)
+                encrypted_sample = sc->cenc.default_encrypted_sample;
         } else {
             av_log(mov->fc, AV_LOG_ERROR, "Incorrect number of samples in encryption info\n");
             return AVERROR_INVALIDDATA;