[FFmpeg-cvslog] r19973 - trunk/libavcodec/utils.c
Reimar Döffinger
Reimar.Doeffinger
Wed Sep 23 20:35:19 CEST 2009
On Wed, Sep 23, 2009 at 04:53:11PM +0200, Michael Niedermayer wrote:
> On Wed, Sep 23, 2009 at 04:25:22AM +0300, Uoti Urpala wrote:
> > On Wed, 2009-09-23 at 00:44 +0200, michael wrote:
> > > Log:
> > > Check codec_id and codec_type in avcodec_open(), based on 43_codec_type_mismatch.patch from chrome
> > > This is said to be able to lead to a stack based buffer overflow.
> > >
> > > Modified:
> > > trunk/libavcodec/utils.c
> > >
> > > Modified: trunk/libavcodec/utils.c
> > > ==============================================================================
> > > --- trunk/libavcodec/utils.c Tue Sep 22 22:38:03 2009 (r19972)
> > > +++ trunk/libavcodec/utils.c Wed Sep 23 00:44:56 2009 (r19973)
> > > @@ -481,7 +481,10 @@ int attribute_align_arg avcodec_open(AVC
> > > }
> > >
> > > avctx->codec = codec;
> > > - avctx->codec_id = codec->id;
> > > + if(avctx->codec_id != codec->id || avctx->codec_type != codec->type){
> > > + av_log(avctx, AV_LOG_ERROR, "codec type or id mismatches\n");
> > > + goto end;
> > > + }
> >
> > What's the point of this? Is the application supposed to set those
> > before calling avcodec_open()? If so then why couldn't FFmpeg set them
> > just as well instead of checking they're already set? Or what kind of
> > usage is assumed where they could already be set to different values and
> > checking it could be meaningful? Is this about FFmpeg itself using
> > avcodec_open() internally in an unsafe way?
> >
> > At least MPlayer does not set avctx->codec_id or avctx->codec_type
> > before calling avcodec_open() and so wouldn't work with this change. Of
> > course setting them would be trivial, but does requiring that really
> > make sense for the API?
>
> A patch that sets codec_id to codec->codec_id if they are both at
> CODEC_ID_NONE/CODEC_TYPE_"correct" is welcome
> codec_type has to be correct because avcodec_alloc_context2() sets it
Uh... avcodec_alloc_context is the current API, avcodec_alloc_context2
isn't even public yet.
More information about the ffmpeg-cvslog
mailing list