[FFmpeg-trac] #2293(undetermined:new): Apple HTTP Live Streaming demuxer does invalid accesses to avio internals

FFmpeg trac at avcodec.org
Thu Feb 21 16:56:29 CET 2013


#2293: Apple HTTP Live Streaming demuxer does invalid accesses to avio internals
-------------------------------------+-------------------------------------
             Reporter:  gjdfgh       |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:  undetermined |                  Version:  git-master
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 The "Apple HTTP Live Streaming" demuxer (hls.c) expects that the
 AVIOContext is libavformat's HTTP implementation, and accesses it like
 that without doing further checks. This leads to a segfault if the
 AVIOContext is actually created by the application.

 You can find the following lines in hls.c in hls_read_header():
 {{{
 static int hls_read_header(AVFormatContext *s)
 {
     URLContext *u = s->pb->opaque;
     ...
         av_opt_get(u->priv_data, "user-agent", 0, (uint8_t**)&(c->user_agent));
 }}}

 Obviously this fails if pb is a custom context, and pb->opaque is
 something user created.

 Consider adding some other, API-visible mechanism to transfer data between
 AVIOContext and AVFormatContext for things that are not part of the
 bytestream? At the very least, the checks whether it's ok to poke around
 in AVIOContext internals must be improved.

 Happened with git master from some days ago (9f16cb9e5), unknown whether
 this is a regression.

 This can't be reproduced with ffmpeg and ffplay, naturally.

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2293>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
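
Added example, not part of the ticket and not FFmpeg's code: a self-contained C model of the opaque-pointer type confusion the report describes, with the unchecked cast beside a guarded accessor. All struct and function names (`IoCtx`, `UrlCtx`, `HttpState`, `AppBuf`, `lib_http_read`, `app_read`) are hypothetical stand-ins, and using the read-callback address as the provenance check is an assumption made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-ins for URLContext/AVIOContext; not FFmpeg's real layouts. */
typedef struct HttpState { const char *user_agent; } HttpState;
typedef struct UrlCtx { HttpState *priv_data; } UrlCtx;
typedef struct IoCtx {
    void *opaque;   /* only the creator of the context knows what this points to */
    int (*read_packet)(void *opaque, unsigned char *buf, int size);
} IoCtx;

/* Read callback the library installs on contexts it creates itself. */
int lib_http_read(void *o, unsigned char *b, int n) { (void)o; (void)b; (void)n; return 0; }

/* An application supplying its own I/O keeps its own state behind opaque. */
typedef struct AppBuf { const unsigned char *data; size_t len, pos; } AppBuf;
int app_read(void *opaque, unsigned char *buf, int size)
{
    AppBuf *b = opaque;
    if (size <= 0 || b->pos >= b->len) return 0;
    buf[0] = b->data[b->pos++];            /* one byte per call keeps the demo short */
    return 1;
}

/* Pattern from the ticket: cast without checking who owns opaque. */
const char *user_agent_unchecked(const IoCtx *pb)
{
    const UrlCtx *u = pb->opaque;          /* type confusion if pb is app-created */
    return u->priv_data->user_agent;
}

/* Guarded form: reinterpret opaque only when the library created the context. */
const char *user_agent_checked(const IoCtx *pb)
{
    if (!pb || !pb->opaque || pb->read_packet != lib_http_read)
        return NULL;                       /* custom I/O: leave opaque untouched */
    const UrlCtx *u = pb->opaque;
    return u->priv_data ? u->priv_data->user_agent : NULL;
}

int main(void)
{
    HttpState hs = { "demo-agent/1.0" };   /* constructed sample values */
    UrlCtx uc = { &hs };
    AppBuf ab = { (const unsigned char *)"#EXTM3U\n", 8, 0 };
    IoCtx lib = { &uc, lib_http_read }, app = { &ab, app_read };
    printf("library ctx: %s\n", user_agent_checked(&lib));
    printf("custom ctx:  %s\n", user_agent_checked(&app) ? "BUG" : "(rejected)");
    return 0;
}
```

`user_agent_unchecked` is shown for comparison only and is never called on the application-created context, where it would read an `AppBuf` as a `UrlCtx`.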

