If there is a saio/saiz in clear content, we shouldn't create the encryption index if we don't already have one. Otherwise it will confuse the cenc_filter.
Found by Chromium's ClusterFuzz: https://crbug.com/873432
Signed-off-by: Jacob Trimble <modma...@google.com>
---
 libavformat/mov.c | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index c863047d79..50bc1cab4b 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5828,7 +5828,7 @@ static int mov_read_frma(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 * info for this fragment; otherwise this will return the global encryption
 * info for the current stream.
 */
-static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encryption_index, MOVStreamContext **sc)
+static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encryption_index, MOVStreamContext **sc, int create)
 {
 MOVFragmentStreamInfo *frag_stream_info;
 AVStream *st;
@@ -5847,9 +5847,13 @@ static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encry
 *sc = st->priv_data;
 if (!frag_stream_info->encryption_index) {
- frag_stream_info->encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
- if (!frag_stream_info->encryption_index)
- return AVERROR(ENOMEM);
+ if (create) {
+ frag_stream_info->encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
+ if (!frag_stream_info->encryption_index)
+ return AVERROR(ENOMEM);
+ } else {
+ return 0;
+ }
 }
 *encryption_index = frag_stream_info->encryption_index;
 return 1;
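Review bot: The doc comment above get_current_encryption_info, whose tail is visible as context in the -5828 hunk, is not updated for the new `create` argument. The visible text still promises that the function returns the fragment or the global encryption info, which no longer holds when `create` is 0 and no index exists yet. A line such as `@param create when 0, do not allocate a missing index; return 0 instead` would cover it. The comment starts outside the hunk, so the wording should follow whatever style its opening lines use.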
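Review bot: The `if (create) { ... } else { return 0; }` wrapper in the -5847 hunk adds a nesting level around the allocation only to return early, and the same shape is repeated in the -5862 hunk. Putting `if (!create) return 0;` first inside the `if (!frag_stream_info->encryption_index)` block would leave the three allocation lines untouched and shrink the patch. On this new return path `*sc` has already been written while `*encryption_index` has not, so it is safe only while every caller bails out on `ret != 1`, as the three callers visible in this patch do. The function body begins and continues outside the hunk.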
@@ -5862,9 +5866,13 @@ static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encry
 *sc = st->priv_data;
 if (!(*sc)->cenc.encryption_index) {
- (*sc)->cenc.encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
- if (!(*sc)->cenc.encryption_index)
- return AVERROR(ENOMEM);
+ if (create) {
+ (*sc)->cenc.encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
+ if (!(*sc)->cenc.encryption_index)
+ return AVERROR(ENOMEM);
+ } else {
+ return 0;
+ }
 }
 *encryption_index = (*sc)->cenc.encryption_index;
@@ -5931,7 +5939,7 @@ static int mov_read_senc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 int use_subsamples, ret;
 unsigned int sample_count, i, alloc_size = 0;
- ret = get_current_encryption_info(c, &encryption_index, &sc);
+ ret = get_current_encryption_info(c, &encryption_index, &sc, /* create */ 1);
 if (ret != 1)
 return ret;
@@ -6078,7 +6086,7 @@ static int mov_read_saiz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 int ret;
 unsigned int sample_count, aux_info_type, aux_info_param;
- ret = get_current_encryption_info(c, &encryption_index, &sc);
+ ret = get_current_encryption_info(c, &encryption_index, &sc, /* create */ 0);
 if (ret != 1)
 return ret;
@@ -6152,7 +6160,7 @@ static int mov_read_saio(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 unsigned int version, entry_count, aux_info_type, aux_info_param;
 unsigned int alloc_size = 0;
- ret = get_current_encryption_info(c, &encryption_index, &sc);
+ ret = get_current_encryption_info(c, &encryption_index, &sc, /* create */ 0);
 if (ret != 1)
 return ret;
--
2.18.0.865.gffc8e1a3cd6-goog
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
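Review bot: In the -5862 hunk the stream-level allocation is still sized with `sizeof(*frag_stream_info->encryption_index)`, although the pointer being assigned is `(*sc)->cenc.encryption_index`. The operand of sizeof is not evaluated, so nothing is dereferenced, but the size is tied to a different variable than the one being allocated and would silently go wrong if the two fields ever diverged in type. Since the line is re-indented by this patch anyway, `av_mallocz(sizeof(*(*sc)->cenc.encryption_index))` would be the safer spelling. The surrounding branch begins outside the hunk.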
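Review bot: Index creation is keyed on which box is being parsed rather than on whether the stream is actually encrypted, which leaves two cases uncovered. The call in mov_read_senc (-5931 hunk) passes `/* create */ 1`, so a senc box in clear content would presumably still create the index that the commit message says confuses the cenc_filter. With `/* create */ 0` in mov_read_saiz and mov_read_saio (-6078 and -6152 hunks), encrypted content that carries saiz/saio ahead of senc, or without senc, now has those boxes skipped silently because the callers return 0. Consider deciding inside get_current_encryption_info from per-stream state that records the track as protected, instead of a caller-supplied flag, and adding a regression sample for each of the three boxes in clear content. All three reader bodies continue outside their hunks, so later handling is not visible here.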