ffmpeg | branch: master | ShuangxiLi <lishuan...@huawei.com> | Sat Jul 2 15:40:57 2022 +0800| [046b05082dee1df500fc36b3db884101f7449383] | committer: Marton Balint
avformat/mov: fix possible crash in cenc_scheme_decrypt Data does not have to be decrypted in 16-byte blocks for AES-CTR mode, so existing buggy code can be hugely simplified. Fixes ticket #9829. Signed-off-by: Marton Balint <c...@passwd.hu> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=046b05082dee1df500fc36b3db884101f7449383 --- libavformat/mov.c | 29 ++--------------------------- 1 file changed, 2 insertions(+), 27 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 6eb631d45b..29828ea7e6 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -6824,9 +6824,6 @@ static int cenc_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption { int i, ret; int bytes_of_protected_data; - int partially_encrypted_block_size; - uint8_t *partially_encrypted_block; - uint8_t block[16]; if (!sc->cenc.aes_ctr) { /* initialize the cipher */ @@ -6849,8 +6846,6 @@ static int cenc_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption return 0; } - partially_encrypted_block_size = 0; - for (i = 0; i < sample->subsample_count; i++) { if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) { av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n"); @@ -6863,28 +6858,8 @@ static int cenc_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption /* decrypt the encrypted bytes */ - if (partially_encrypted_block_size) { - memcpy(block, partially_encrypted_block, partially_encrypted_block_size); - memcpy(block+partially_encrypted_block_size, input, 16-partially_encrypted_block_size); - av_aes_ctr_crypt(sc->cenc.aes_ctr, block, block, 16); - memcpy(partially_encrypted_block, block, partially_encrypted_block_size); - memcpy(input, block+partially_encrypted_block_size, 16-partially_encrypted_block_size); - input += 16-partially_encrypted_block_size; - size -= 16-partially_encrypted_block_size; - bytes_of_protected_data = sample->subsamples[i].bytes_of_protected_data - (16-partially_encrypted_block_size); - } else { - bytes_of_protected_data = sample->subsamples[i].bytes_of_protected_data; - } - - if (i < sample->subsample_count-1) { - int num_of_encrypted_blocks = bytes_of_protected_data/16; - partially_encrypted_block_size = bytes_of_protected_data%16; - if (partially_encrypted_block_size) - partially_encrypted_block = input + 16*num_of_encrypted_blocks; - av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, 16*num_of_encrypted_blocks); - } else { - av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, bytes_of_protected_data); - } + bytes_of_protected_data = sample->subsamples[i].bytes_of_protected_data; + av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, bytes_of_protected_data); input += bytes_of_protected_data; size -= bytes_of_protected_data; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
