From patchwork Tue Aug 14 18:12:58 2018
X-Patchwork-Submitter: Jacob Trimble
X-Patchwork-Id: 9995
References: <20180814173903.12962-1-modmaker@google.com>
In-Reply-To: <20180814173903.12962-1-modmaker@google.com>
From: Jacob Trimble
Date: Tue, 14 Aug 2018 11:12:58 -0700
To: FFmpeg development discussions and patches
Subject: Re: [FFmpeg-devel] [PATCH] avformat/mov: Allow saio/saiz in clear content.

On Tue, Aug 14, 2018 at 10:39 AM Jacob Trimble wrote: > > If there is a saio/saiz in clear content, we shouldn't create the > encryption index if we don't already have one. Otherwise it will > confuse the cenc_filter. > > Found by Chromium's ClusterFuzz: https://crbug.com/873432 > > Signed-off-by: Jacob Trimble > --- > libavformat/mov.c | 28 ++++++++++++++++++---------- > 1 file changed, 18 insertions(+), 10 deletions(-) > > diff --git a/libavformat/mov.c b/libavformat/mov.c > index c863047d79..50bc1cab4b 100644 > --- a/libavformat/mov.c > +++ b/libavformat/mov.c 
> @@ -5828,7 +5828,7 @@ static int mov_read_frma(MOVContext *c, AVIOContext *pb, MOVAtom atom) > * info for this fragment; otherwise this will return the global encryption > * info for the current stream. > */ > -static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encryption_index, MOVStreamContext **sc) > +static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encryption_index, MOVStreamContext **sc, int create) > { > MOVFragmentStreamInfo *frag_stream_info; > AVStream *st; > @@ -5847,9 +5847,13 @@ static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encry > *sc = st->priv_data; > > if (!frag_stream_info->encryption_index) { > - frag_stream_info->encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index)); > - if (!frag_stream_info->encryption_index) > - return AVERROR(ENOMEM); > + if (create) { > + frag_stream_info->encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index)); > + if (!frag_stream_info->encryption_index) > + return AVERROR(ENOMEM); > + } else { > + return 0; > + } > } > *encryption_index = frag_stream_info->encryption_index; > return 1; > @@ -5862,9 +5866,13 @@ static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encry > *sc = st->priv_data; > > if (!(*sc)->cenc.encryption_index) { > - (*sc)->cenc.encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index)); > - if (!(*sc)->cenc.encryption_index) > - return AVERROR(ENOMEM); > + if (create) { > + (*sc)->cenc.encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index)); > + if (!(*sc)->cenc.encryption_index) > + return AVERROR(ENOMEM); > + } else { > + return 0; > + } > } > > *encryption_index = (*sc)->cenc.encryption_index; 
> @@ -5931,7 +5939,7 @@ static int mov_read_senc(MOVContext *c, AVIOContext *pb, MOVAtom atom) > int use_subsamples, ret; > unsigned int sample_count, i, alloc_size = 0; > > - ret = get_current_encryption_info(c, &encryption_index, &sc); > + ret = get_current_encryption_info(c, &encryption_index, &sc, /* create */ 1); > if (ret != 1) > return ret; > > @@ -6078,7 +6086,7 @@ static int mov_read_saiz(MOVContext *c, AVIOContext *pb, MOVAtom atom) > int ret; > unsigned int sample_count, aux_info_type, aux_info_param; > > - ret = get_current_encryption_info(c, &encryption_index, &sc); > + ret = get_current_encryption_info(c, &encryption_index, &sc, /* create */ 0); > if (ret != 1) > return ret; > > @@ -6152,7 +6160,7 @@ static int mov_read_saio(MOVContext *c, AVIOContext *pb, MOVAtom atom) > unsigned int version, entry_count, aux_info_type, aux_info_param; > unsigned int alloc_size = 0; > > - ret = get_current_encryption_info(c, &encryption_index, &sc); > + ret = get_current_encryption_info(c, &encryption_index, &sc, /* create */ 0); > if (ret != 1) > return ret; > > -- > 2.18.0.865.gffc8e1a3cd6-goog > After thinking of this more, this was the incorrect fix. Attached is the correct fix. From 256880aca517f64257eb28342a656867d90307a7 Mon Sep 17 00:00:00 2001 From: Jacob Trimble Date: Tue, 14 Aug 2018 10:18:55 -0700 Subject: [PATCH] avformat/mov: Allow saio/saiz in clear content. If there is a saio/saiz in clear content, we shouldn't create the encryption index if we don't already have one. Otherwise it will confuse the cenc_filter. Found by Chromium's ClusterFuzz: https://crbug.com/873432 Signed-off-by: Jacob Trimble --- libavformat/mov.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index c863047d79..ee9acdb73c 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c 
@@ -5847,6 +5847,9 @@ static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encry *sc = st->priv_data; if (!frag_stream_info->encryption_index) { + // If this stream isn't encrypted, don't create the index. + if (!(*sc)->cenc.default_encrypted_sample) + return 0; frag_stream_info->encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index)); if (!frag_stream_info->encryption_index) return AVERROR(ENOMEM); @@ -5862,6 +5865,9 @@ static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encry *sc = st->priv_data; if (!(*sc)->cenc.encryption_index) { + // If this stream isn't encrypted, don't create the index. + if (!(*sc)->cenc.default_encrypted_sample) + return 0; (*sc)->cenc.encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index)); if (!(*sc)->cenc.encryption_index) return AVERROR(ENOMEM); -- 2.18.0.865.gffc8e1a3cd6-goog
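Review bot: In the quoted first version, the `/* create */ 0` calls in the `mov_read_saiz` and `mov_read_saio` hunks make the outcome depend on whether an index already exists rather than on whether the stream is encrypted. With `create` set to 0 and no index yet, `get_current_encryption_info` returns 0 and the caller's `if (ret != 1) return ret;` drops the box, so an encrypted stream whose saiz/saio is read before anything has created the index would lose its auxiliary info. The new `create` argument is also not described in the doc comment above the function. Keying the decision on the stream's encryption state, as the attached replacement does with `cenc.default_encrypted_sample`, removes the ordering dependence.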
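Review bot: In the attached patch's first hunk (fragment branch, `@@ -5847,6 +5847,9`), the new `return 0` is an outcome the doc comment above `get_current_encryption_info` does not describe, and it reaches more than the subject line says. Every caller shown in the earlier version does `if (ret != 1) return ret;`, so `mov_read_senc` will now also skip its box silently when `cenc.default_encrypted_sample` is NULL, not only `mov_read_saiz` and `mov_read_saio`. Please document the return values in the comment (1: index returned, 0: stream not encrypted and the box is ignored, negative: error) and mention senc in the commit message if skipping it is intended.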
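Review bot: In the attached patch's second hunk (non-fragment branch, `@@ -5862,6 +5865,9`), the check treats a NULL `cenc.default_encrypted_sample` as proof that the stream is clear. Is that field always populated before senc/saiz/saio can be parsed for an encrypted stream? If it can be set later, this early return would discard valid encryption info, so a short comment stating the ordering assumption would help. Minor: the allocation just below still sizes the stream-level index with `sizeof(*frag_stream_info->encryption_index)`; `sizeof(*(*sc)->cenc.encryption_index)` would tie the size to the pointer actually being assigned. The same two-line check now appears in both branches, so the two comments should stay in sync if either is changed.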