[FFmpeg-devel] [PATCH v2 5/5] avformat/chromaprint: Avoid null pointer dereference
Paul B Mahol
onemda at gmail.com
Sun Oct 6 14:56:50 EEST 2019
On 10/6/19, Andriy Gelman <andriy.gelman at gmail.com> wrote:
> On Sun, 06. Oct 01:49, Andriy Gelman wrote:
>> From: Andriy Gelman <andriy.gelman at gmail.com>
>>
>> As of commit 21b2442f in the chromaprint library, selecting "-algorithm 2"
>> via the ffmpeg cli creates a null pointer dereference. This can be
>> replicated by:
>> ./ffmpeg -f lavfi -i sine=d=20,asetnsamples=n=1000 -f chromaprint
>> -algorithm 2 -
>>
>> Until this issue is resolved, this commit makes ffmpeg output an error
>> when
>> "-algorithm 2" is selected for chromaprint versions > 1.2.0.
>> ---
>> libavformat/chromaprint.c | 7 +++++++
>> 1 file changed, 7 insertions(+)
>>
>> diff --git a/libavformat/chromaprint.c b/libavformat/chromaprint.c
>> index faa92ca0db..3ecce3e08a 100644
>> --- a/libavformat/chromaprint.c
>> +++ b/libavformat/chromaprint.c
>> @@ -70,6 +70,13 @@ static int write_header(AVFormatContext *s)
>> return AVERROR(ENOMEM);
>> }
>>
>> +#if CPR_VERSION_INT > AV_VERSION_INT(1, 2, 0)
>> + if (cpr->algorithm == CHROMAPRINT_ALGORITHM_TEST3) {
>> + av_log(s, AV_LOG_ERROR, "Algorithm 2 cannot be used with
>> chromaprint version > 1.2.0 because of a bug in the chromaprint
>> library\n");
>> + goto fail;
>> + }
>> +#endif
>> +
>> if (cpr->silence_threshold != -1) {
>> #if CPR_VERSION_INT >= AV_VERSION_INT(0, 7, 0)
>> if (!chromaprint_set_option(cpr->ctx, "silence_threshold",
>> cpr->silence_threshold)) {
>> --
>> 2.23.0
>>
>
> The seg fault actually occurs in libavcodec/avfft.c in the
> av_rdft_calc(RDFTContext *s, FFTSample *data) function, where chromaprint
> lib parses an unitialized context s=NULL.
>
> Is it worth submitting a patch where contexts are checked before
> dereferencing
> in avfft.c?
No, fix chromaprint instead, its very buggy.
>
> --
> Andriy
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list