[FFmpeg-devel] [PATCH 1/3] avformat/mov: Increase support for common encryption.
Jacob Trimble
modmaker at google.com
Tue Jan 9 20:25:12 EET 2018
On Mon, Jan 8, 2018 at 5:19 PM, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
> 2018-01-08 23:16 GMT+01:00 Jacob Trimble <modmaker-at-google.com at ffmpeg.org>:
>>> You can't remove API just like that without a deprecation period.
>>> Add a new av_aes_ctr_set_full_iv() function, and either leave
>>> av_aes_ctr_set_iv() alone or deprecate it if it effectively becomes
>>> superfluous after adding the new function.
>>>
>>> Also, this patch needs to be split in three. One for the aes_crt
>>> changes, one for the encryption_info changes, and one for mov changes,
>>> with a minor libavutil version bump for the former two, and the
>>> corresponding APIChanges entry.
>>> Alternatively, you could also squash the new encryption_info API from
>>> this patch into the one that actually introduces the entire feature.
>>
>> Whoops, I thought that was internal-only. Done and split into its own change.
>>
>> On Sat, Jan 6, 2018 at 7:30 AM, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
>>> 2018-01-05 20:49 GMT+01:00 Jacob Trimble <modmaker-at-google.com at ffmpeg.org>:
>>>
>>>> + if (!frag_stream_info->encryption_index) {
>>>> + frag_stream_info->encryption_index = av_mallocz(sizeof(MOVEncryptionIndex));
>>>
>>> sizeof(variable), please.
>
> Do you disagree?
> I have no strong opinion, but I thought it makes the code more robust...
I did it most other places, but forgot it here. Done.
>
>>> [...]
>>>
>>>> + sample_count = avio_rb32(pb);
>>>> +
>>>> + encryption_index->encrypted_samples =
>>>> av_mallocz_array(sizeof(AVEncryptionInfo*), sample_count);
>>>
>>> This should be avoided if possible, see below.
>>>
>>>> + if (!encryption_index->encrypted_samples) {
>>>> return AVERROR(ENOMEM);
>>>> }
>>>> + encryption_index->nb_encrypted_samples = sample_count;
>>>>
>>>> - return av_aes_ctr_init(sc->cenc.aes_ctr, c->decryption_key);
>>>> + for (i = 0; i < sample_count; i++) {
>>>
>>> Please check here for eof...
>>>
>>>> + ret = mov_read_sample_encryption_info(c, pb, sc,
>>>> &encryption_index->encrypted_samples[i], use_subsamples);
>>>
>>> ... and insert a realloc here to avoid the large allocation above, see 1112ba01.
>>
>> Done.
>
>> + if (use_subsamples) {
>> + subsample_count = avio_rb16(pb);
>> + for (i = 0; i < subsample_count && !pb->eof_reached; i++) {
>> + unsigned int min_subsamples = FFMIN(FFMAX(i, 1024 * 1024), subsample_count);
>> + subsamples = av_fast_realloc((*sample)->subsamples, &alloc_size,
>> + min_subsamples * sizeof(*subsamples));
>
> The reason I did not comment on this block in the last mail is that
> iiuc, the maximum allocation here is INT16_MAX * 8 which seems
> acceptable (and there cannot be a realloc with the chosen initial
> limit).
Ok, changed back.
>
>> + sample_count = avio_rb32(pb);
>
> You have to check here...
>
> + for (i = 0; i < sample_count && !pb->eof_reached; i++) {
> + unsigned int min_samples = FFMIN(FFMAX(i, 1024 * 1024), sample_count);
> + encrypted_samples =
> av_fast_realloc(encryption_index->encrypted_samples, &alloc_size,
>
> + min_samples *
> sizeof(*encrypted_samples));
>
> ... if this product could overflow for the final reallocation, see 1112ba01.
Done
>
> Thank you, Carl Eugen
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-avformat-mov-Increase-support-for-v3.patch
Type: text/x-patch
Size: 34648 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20180109/eb642ad2/attachment.bin>
More information about the ffmpeg-devel
mailing list