[FFmpeg-devel] [PATCH 1/2] avcodec/wrapped_avframe: implement wrapped_avframe decoder

Muhammad Faiz mfcc64 at gmail.com
Tue Nov 10 10:54:17 CET 2015 

On Mon, Nov 9, 2015 at 11:22 PM, wm4 <nfxjfg at googlemail.com> wrote:
> On Mon, 9 Nov 2015 08:03:54 -0800
> Muhammad Faiz <mfcc64 at gmail.com> wrote:
>
>> From 4dcbda2e585404d2d79d5afcdc13fcb699f6f158 Mon Sep 17 00:00:00 2001
>> From: Muhammad Faiz <mfcc64 at gmail.com>
>> Date: Mon, 9 Nov 2015 15:55:13 +0700
>> Subject: [PATCH 1/2] avcodec/wrapped_avframe: implement wrapped_avframe
>>  decoder
>>
>> fix ticket #4985
>> for use in avdevice/lavfi
>> ---
>>  libavcodec/Makefile          |  1 +
>>  libavcodec/allcodecs.c       |  2 +-
>>  libavcodec/version.h         |  2 +-
>>  libavcodec/wrapped_avframe.c | 32 ++++++++++++++++++++++++++++++++
>>  4 files changed, 35 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavcodec/Makefile b/libavcodec/Makefile
>> index 68a573f..c60d512 100644
>> --- a/libavcodec/Makefile
>> +++ b/libavcodec/Makefile
>> @@ -577,6 +577,7 @@ OBJS-$(CONFIG_WMV2_ENCODER)            += wmv2enc.o wmv2.o \
>>                                            msmpeg4.o msmpeg4enc.o msmpeg4data.o
>>  OBJS-$(CONFIG_WNV1_DECODER)            += wnv1.o
>>  OBJS-$(CONFIG_WS_SND1_DECODER)         += ws-snd1.o
>> +OBJS-$(CONFIG_WRAPPED_AVFRAME_DECODER) += wrapped_avframe.o
>>  OBJS-$(CONFIG_WRAPPED_AVFRAME_ENCODER) += wrapped_avframe.o
>>  OBJS-$(CONFIG_XAN_DPCM_DECODER)        += dpcm.o
>>  OBJS-$(CONFIG_XAN_WC3_DECODER)         += xan.o
>> diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c
>> index 9f60d7c..3260927 100644
>> --- a/libavcodec/allcodecs.c
>> +++ b/libavcodec/allcodecs.c
>> @@ -342,7 +342,7 @@ void avcodec_register_all(void)
>>      REGISTER_DECODER(VP9,               vp9);
>>      REGISTER_DECODER(VQA,               vqa);
>>      REGISTER_DECODER(WEBP,              webp);
>> -    REGISTER_ENCODER(WRAPPED_AVFRAME,   wrapped_avframe);
>> +    REGISTER_ENCDEC (WRAPPED_AVFRAME,   wrapped_avframe);
>>      REGISTER_ENCDEC (WMV1,              wmv1);
>>      REGISTER_ENCDEC (WMV2,              wmv2);
>>      REGISTER_DECODER(WMV3,              wmv3);
>> diff --git a/libavcodec/version.h b/libavcodec/version.h
>> index 1e21f15..5eecf5b 100644
>> --- a/libavcodec/version.h
>> +++ b/libavcodec/version.h
>> @@ -29,7 +29,7 @@
>>  #include "libavutil/version.h"
>>
>>  #define LIBAVCODEC_VERSION_MAJOR  57
>> -#define LIBAVCODEC_VERSION_MINOR  15
>> +#define LIBAVCODEC_VERSION_MINOR  16
>>  #define LIBAVCODEC_VERSION_MICRO 100
>>
>>  #define LIBAVCODEC_VERSION_INT  AV_VERSION_INT(LIBAVCODEC_VERSION_MAJOR, \
>> diff --git a/libavcodec/wrapped_avframe.c b/libavcodec/wrapped_avframe.c
>> index 13c8d8a..185a1a2 100644
>> --- a/libavcodec/wrapped_avframe.c
>> +++ b/libavcodec/wrapped_avframe.c
>> @@ -32,6 +32,8 @@
>>  #include "libavutil/buffer.h"
>>  #include "libavutil/pixdesc.h"
>>
>> +#if CONFIG_WRAPPED_AVFRAME_ENCODER
>> +
>>  static void wrapped_avframe_release_buffer(void *unused, uint8_t *data)
>>  {
>>      AVFrame *frame = (AVFrame *)data;
>> @@ -71,3 +73,33 @@ AVCodec ff_wrapped_avframe_encoder = {
>>      .encode2        = wrapped_avframe_encode,
>>      .caps_internal  = FF_CODEC_CAP_INIT_THREADSAFE,
>>  };
>> +
>> +#endif
>> +
>> +#if CONFIG_WRAPPED_AVFRAME_DECODER
>> +
>> +static int wrapped_avframe_decode(AVCodecContext *avctx, void *data,
>> +                                  int *got_frame, AVPacket *avpkt)
>> +{
>> +    int ret;
>> +
>> +    if (avpkt->size != sizeof(AVFrame))
>> +        return AVERROR(EINVAL);
>> +
>> +    if ((ret = av_frame_ref((AVFrame *) data, (AVFrame *) avpkt->data)) < 0)
>> +        return ret;
>> +
>> +    *got_frame = 1;
>> +    return avpkt->size;
>> +}
>> +
>> +AVCodec ff_wrapped_avframe_decoder = {
>> +    .name           = "wrapped_avframe",
>> +    .long_name      = NULL_IF_CONFIG_SMALL("AVFrame to AVPacket passthrough"),
>> +    .type           = AVMEDIA_TYPE_VIDEO,
>> +    .id             = AV_CODEC_ID_WRAPPED_AVFRAME,
>> +    .decode         = wrapped_avframe_decode,
>> +    .caps_internal  = FF_CODEC_CAP_INIT_THREADSAFE,
>> +};
>> +
>> +#endif
>
> This is very dangerous. You get potentially security relevant bad
> behavior if you get anyone to force a demuxer/decoder on an untrusted
> input file.

OK, this makes segfault on my machine (120 = sizeof(AVFrame)/4 on my machine)
ffmpeg -codec wrapped_avframe  -pixel_format rgba -f rawvideo -s 120x1
-i input.mkv -f null -y /dev/null

Patch dropped.

Thank's.

More information about the ffmpeg-devel mailing list