Re: [FFmpeg-devel] [PATCH v2 5/5] avformat/chromaprint: Avoid null pointer dereference

Sun, 06 Oct 2019 05:03:08 -0700 

On 10/6/19, Andriy Gelman <andriy.gel...@gmail.com> wrote:
> On Sun, 06. Oct 01:49, Andriy Gelman wrote:
>> From: Andriy Gelman <andriy.gel...@gmail.com>
>>
>> As of commit 21b2442f in the chromaprint library, selecting "-algorithm 2"
>> via the ffmpeg cli creates a null pointer dereference. This can be
>> replicated by:
>> ./ffmpeg -f lavfi -i sine=d=20,asetnsamples=n=1000 -f chromaprint
>> -algorithm 2 -
>>
>> Until this issue is resolved, this commit makes ffmpeg output an error
>> when
>> "-algorithm 2" is selected for chromaprint versions > 1.2.0.
>> ---
>>  libavformat/chromaprint.c | 7 +++++++
>>  1 file changed, 7 insertions(+)
>>
>> diff --git a/libavformat/chromaprint.c b/libavformat/chromaprint.c
>> index faa92ca0db..3ecce3e08a 100644
>> --- a/libavformat/chromaprint.c
>> +++ b/libavformat/chromaprint.c
>> @@ -70,6 +70,13 @@ static int write_header(AVFormatContext *s)
>>          return AVERROR(ENOMEM);
>>      }
>>
>> +#if CPR_VERSION_INT > AV_VERSION_INT(1, 2, 0)
>> +    if (cpr->algorithm == CHROMAPRINT_ALGORITHM_TEST3) {
>> +        av_log(s, AV_LOG_ERROR, "Algorithm 2 cannot be used with
>> chromaprint version > 1.2.0 because of a bug in the chromaprint
>> library\n");
>> +        goto fail;
>> +    }
>> +#endif
>> +
>>      if (cpr->silence_threshold != -1) {
>>  #if CPR_VERSION_INT >= AV_VERSION_INT(0, 7, 0)
>>          if (!chromaprint_set_option(cpr->ctx, "silence_threshold",
>> cpr->silence_threshold)) {
>> --
>> 2.23.0
>>
>
> The seg fault actually occurs in libavcodec/avfft.c in the
> av_rdft_calc(RDFTContext *s, FFTSample *data) function, where chromaprint
> lib parses an unitialized context s=NULL.
>
> Is it worth submitting a patch where contexts are checked before
> dereferencing
> in avfft.c?

No, fix chromaprint instead, its very buggy.

>
> --
> Andriy
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to