[FFmpeg-trac] #2293(undetermined:new): Apple HTTP Live Streaming demuxer does invalid accesses to avio internals
FFmpeg
trac at avcodec.org
Thu Feb 21 16:56:29 CET 2013
#2293: Apple HTTP Live Streaming demuxer does invalid accesses to avio internals
-------------------------------------+-------------------------------------
Reporter: gjdfgh | Type: defect
Status: new | Priority: normal
Component: | Version: git-
undetermined | master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
The "Apple HTTP Live Streaming" demuxer (hls.c) expects that the
AVIOContext is libavformat's HTTP implementation, and accesses it like
that without doing further checks. This leads to a segfault if the
AVIOContext is actually created by the application.
You can find the following lines in hls.c in hls_read_header():
{{{
static int hls_read_header(AVFormatContext *s)
{
URLContext *u = s->pb->opaque;
...
av_opt_get(u->priv_data, "user-agent", 0,
(uint8_t**)&(c->user_agent));
}}}
Obviously this fails if pb is a custom context, and pb->opaque is
something user created.
Consider adding some other, API-visible mechanism to transfer data between
AVIOContext and AVFormatContext for things that are not part of the
bytestream? At the very least, the checks whether it's ok to poke around
in AVIOContext internals must be improved.
Happened with git master from some days ago (9f16cb9e5), unknown whether
this is a regression.
This can't be reproduced with ffmpeg and ffplay, naturally.
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2293>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list