[FFmpeg-devel] libavcodec/als: remove check for predictor order of a block

Umair Khan omerjerk at gmail.com
Thu Oct 19 23:03:44 EEST 2017


Hi Ronald,

On Sun, Oct 15, 2017 at 12:21 AM, Ronald S. Bultje <rsbultje at gmail.com> wrote:
> Hi Umair,
>
> On Sat, Oct 14, 2017 at 1:43 PM, Umair Khan <omerjerk at gmail.com> wrote:
>
>> On Sat, Oct 14, 2017 at 8:02 PM, Ronald S. Bultje <rsbultje at gmail.com>
>> wrote:
>> > Hi Umair,
>> >
>> > On Sat, Oct 14, 2017 at 9:59 AM, Umair Khan <omerjerk at gmail.com> wrote:
>> >
>> >> I tested the file which Michael sent. The thing is that I'm getting
>> >> an error decoding that file in both cases, with or without the
>> >> patch. I will begin debugging this issue; however, I think the file
>> >> which Michael sent has got nothing to do with the patch in this
>> >> thread.
>> >>
>> >
>> > I don't think the file is meant to be decoded correctly, it's a specially
>> > crafted file to demonstrate that certain codepaths (triggered by files such
>> > as this) can be used to trigger unwanted behaviour (overreads, overwrites,
>> > etc.). Eventually, combinations of such files can be used to break into
>> > your system with specially crafted media files (yes, really).
>> >
>> > Your patch introduces such a security issue (since it's triggered by the
>> > file after, but not before the patch). This must be fixed before the patch
>> > can be committed.
>>
>> Okay. You mean the file isn't supposed to be decoded and that the als
>> decoder should output the proper error message instead of breaking at
>> a random point. Am I getting it correct?
>>
>
> More specifically: after your patch, you'll notice that address sanitizer
> (clang -fsanitize=address) or valgrind output warnings when decoding this
> file. These warnings should be tracked down and fixed.

I tried decoding the file in both cases and I don't see any
address-related error in the console while decoding. The following is
the output after I apply the patch:

➜  FFmpeg git:(master) ✗ ffmpeg -i ~/Downloads/abd3c041acbcb816be113455d138166b-asan_heap-oob_b11634_3707_cov_1707137151_als_05_2ch48k16b.mp4 out.mp4
ffmpeg version N-87928-g247281e805 Copyright (c) 2000-2017 the FFmpeg developers
  built with Apple LLVM version 9.0.0 (clang-900.0.38)
  configuration: --prefix=/usr/local --enable-gpl --enable-nonfree --enable-libass --enable-libfdk-aac --enable-libfreetype --enable-libmp3lame --enable-libtheora --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --enable-libopus --enable-libxvid
  libavutil      55. 79.100 / 55. 79.100
  libavcodec     57.108.101 / 57.108.101
  libavformat    57. 84.101 / 57. 84.101
  libavdevice    57. 11.100 / 57. 11.100
  libavfilter     6.108.100 /  6.108.100
  libswscale      4.  9.100 /  4.  9.100
  libswresample   2. 10.100 /  2. 10.100
  libpostproc    54.  8.100 / 54.  8.100
Guessed Channel Layout for Input Stream #0.0 : stereo
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '/Users/mohammadumair/Downloads/abd3c041acbcb816be113455d138166b-asan_heap-oob_b11634_3707_cov_1707137151_als_05_2ch48k16b.mp4':
  Metadata:
    major_brand     : mt42
    minor_version   : 0
    compatible_brands: mp42i{om
    creation_time   : 2008-01-21T14:37:08.000000Z
  Duration: 00:00:14.81, start: 0.000000, bitrate: 436 kb/s
    Stream #0:0(und): Audio: mp4als (mp4a / 0x6134706D), 48000 Hz, stereo, s16, 435 kb/s (default)
    Metadata:
      creation_time   : 2008-01-24T15:26:12.000000Z
File 'out.mp4' already exists. Overwrite ? [y/N] y
Stream mapping:
  Stream #0:0 -> #0:0 (mp4als (als) -> aac (native))
Press [q] to stop, [?] for help
[als @ 0x7fc2df001200] r overflow
[als @ 0x7fc2df001200] Reading frame data failed. Skipping RA unit.
Output #0, mp4, to 'out.mp4':
  Metadata:
    major_brand     : mt42
    minor_version   : 0
    compatible_brands: mp42i{om
    encoder         : Lavf57.84.101
    Stream #0:0(und): Audio: aac (LC) (mp4a / 0x6134706D), 48000 Hz, stereo, fltp (16 bit), 128 kb/s (default)
    Metadata:
      creation_time   : 2008-01-24T15:26:12.000000Z
      encoder         : Lavc57.108.101 aac
size=       2kB time=00:00:00.06 bitrate= 217.0kbits/s speed=7.48x
video:0kB audio:1kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: 90.142387%
[aac @ 0x7fc2df002a00] Qavg: 16482.379


Is there something which I'm missing?

-Umair
