Hi, Thilo https://patchwork.ffmpeg.org/project/ffmpeg/patch/20210826144024.95697-1-cy...@connect.ust.hk/
I hope this email finds you well. I am writing you to discuss whether it is possible to collaboratively apply CVE IDs for these issues. Below is my understanding after eyeballing them for a while: These two bug-located functions are registered as callbacks in the AVInputFormat structure, which means that they can be invoked multiple times. Thus, the unreleased lock problems could result in deadlocks, wreaking a DoS. Moreover, previous CVE also shows that missing lock releases are potential risks for the system, such as these two CVE. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2650 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340 Looking forward to more interesting discussion. Let me know what I can help you with. Thanks so much, Chengfeng 获取 Outlook for iOS<https://aka.ms/o0ukef> ________________________________ 发件人: ffmpeg-devel <ffmpeg-devel-boun...@ffmpeg.org> 代表 Thilo Borgmann <thilo.borgm...@mail.de> 发送时间: Friday, September 17, 2021 9:32:39 PM 收件人: ffmpeg-devel@ffmpeg.org <ffmpeg-devel@ffmpeg.org> 主题: Re: [FFmpeg-devel] [PATCH 1/2] libavdevice/avfoundation.m: fix protential unreleased lock issue Am 26.08.21 um 16:40 schrieb Chengfeng Ye: > The problem here is that the lock ctx->frame_lock will > become an unreleased lock if the program returns at > line 697, line 735 and line744. > > Cc: cy...@connect.ust.hk > Bug tracker link: > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrac.ffmpeg.org%2Fticket%2F9385%2F%23ticket&data=04%7C01%7Ccyeaa%40connect.ust.hk%7C410d533d51004a8b100b08d979dfa7c1%7C6c1d415239d044ca88d9b8d6ddca0708%7C1%7C0%7C637674823770955787%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=OgH7jfZNs1oettfBusfZpTx3maIGFcImvVJfpjGhkPQ%3D&reserved=0 > > Signed-off-by: Chengfeng Ye <cy...@connect.ust.hk> > --- > libavdevice/avfoundation.m | 3 +++ > 1 file changed, 3 insertions(+) Pushed, thanks! -Thilo _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fffmpeg.org%2Fmailman%2Flistinfo%2Fffmpeg-devel&data=04%7C01%7Ccyeaa%40connect.ust.hk%7C410d533d51004a8b100b08d979dfa7c1%7C6c1d415239d044ca88d9b8d6ddca0708%7C1%7C0%7C637674823770955787%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AD7wj9MQmb%2BbgnAsM0REWmlM2Y%2BzPYEoRLV95CgZZSw%3D&reserved=0 To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
