avformat: Add and use ff_copy_whitelists()

Fixes potential security issue in case of running out of memory Found-by: ubitux Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2024-11-21 10:55:51 +02:00 · 2014-10-24 19:23:23 +02:00 · 2014-10-24 19:23:23 +02:00 · 4641ae352e
commit 4641ae352e
parent e56425d1a7
9 changed files with 34 additions and 20 deletions
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@ -1040,9 +1040,8 @@ static int read_gab2_sub(AVFormatContext *s, AVStream *st, AVPacket *pkt)

        ast->sub_ctx->pb = pb;

-        av_assert0(!ast->sub_ctx->codec_whitelist && !ast->sub_ctx->format_whitelist);
-        ast->sub_ctx-> codec_whitelist = av_strdup(s->codec_whitelist);
-        ast->sub_ctx->format_whitelist = av_strdup(s->format_whitelist);
+        if (ff_copy_whitelists(ast->sub_ctx, s) < 0)
+            goto error;

        if (!avformat_open_input(&ast->sub_ctx, "", sub_demuxer, NULL)) {
            ff_read_packet(ast->sub_ctx, &ast->sub_pkt);
@ -1056,6 +1055,7 @@ static int read_gab2_sub(AVFormatContext *s, AVStream *st, AVPacket *pkt)
        return 1;

 error:
+        av_freep(&ast->sub_ctx);
        av_freep(&pb);
    }
    return 0;
--- a/libavformat/concatdec.c
+++ b/libavformat/concatdec.c
@ -289,9 +289,8 @@ static int open_file(AVFormatContext *avf, unsigned fileno)

    cat->avf->interrupt_callback = avf->interrupt_callback;

-    av_assert0(!cat->avf->codec_whitelist && !cat->avf->format_whitelist);
-    cat->avf-> codec_whitelist = av_strdup(avf->codec_whitelist);
-    cat->avf->format_whitelist = av_strdup(avf->format_whitelist);
+    if ((ret = ff_copy_whitelists(cat->avf, avf)) < 0)
+        return ret;

    if ((ret = avformat_open_input(&cat->avf, file->url, NULL, NULL)) < 0 ||
        (ret = avformat_find_stream_info(cat->avf, NULL)) < 0) {
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@ -1345,9 +1345,8 @@ static int hls_read_header(AVFormatContext *s)
        pls->ctx->pb       = &pls->pb;
        pls->stream_offset = stream_offset;

-        av_assert0(!pls->ctx->codec_whitelist && !pls->ctx->format_whitelist);
-        pls->ctx-> codec_whitelist = av_strdup(s->codec_whitelist);
-        pls->ctx->format_whitelist = av_strdup(s->format_whitelist);
+        if ((ret = ff_copy_whitelists(pls->ctx, s)) < 0)
+            goto fail;

        ret = avformat_open_input(&pls->ctx, pls->segments[0]->url, in_fmt, NULL);
        if (ret < 0)
--- a/libavformat/internal.h
+++ b/libavformat/internal.h
@ -412,5 +412,9 @@ enum AVWriteUncodedFrameFlags {

 };

+/**
+ * Copies the whilelists from one context to the other
+ */
+int ff_copy_whitelists(AVFormatContext *dst, AVFormatContext *src);

 #endif /* AVFORMAT_INTERNAL_H */
--- a/libavformat/libquvi.c
+++ b/libavformat/libquvi.c
@ -76,9 +76,8 @@ static int libquvi_read_header(AVFormatContext *s)
    if (rc != QUVI_OK)
        goto quvi_fail;

-    av_assert0(!qc->fmtctx->codec_whitelist && !qc->fmtctx->format_whitelist);
-    qc->fmtctx-> codec_whitelist = av_strdup(s->codec_whitelist);
-    qc->fmtctx->format_whitelist = av_strdup(s->format_whitelist);
+    if ((ret = ff_copy_whitelists(qc->fmtctx, s)) < 0)
+        goto end;

    ret = avformat_open_input(&qc->fmtctx, media_url, NULL, NULL);
    if (ret < 0)
--- a/libavformat/mpeg.c
+++ b/libavformat/mpeg.c
@ -700,8 +700,8 @@ static int vobsub_read_header(AVFormatContext *s)
    if (!vobsub->sub_ctx)
        return AVERROR(ENOMEM);

-    vobsub->sub_ctx-> codec_whitelist = av_strdup(s->codec_whitelist);
-    vobsub->sub_ctx->format_whitelist = av_strdup(s->format_whitelist);
+    if ((ret = ff_copy_whitelists(vobsub->sub_ctx, s)) < 0)
+        goto end;

    ret = avformat_open_input(&vobsub->sub_ctx, sub_name, &ff_mpegps_demuxer, NULL);
    if (ret < 0) {
--- a/libavformat/rtpdec_asf.c
+++ b/libavformat/rtpdec_asf.c
@ -117,9 +117,10 @@ int ff_wms_parse_sdp_a_line(AVFormatContext *s, const char *p)
        rt->asf_ctx->pb      = &pb;
        av_dict_set(&opts, "no_resync_search", "1", 0);

-        av_assert0(!rt->asf_ctx->codec_whitelist && !rt->asf_ctx->format_whitelist);
-        rt->asf_ctx-> codec_whitelist = av_strdup(s->codec_whitelist);
-        rt->asf_ctx->format_whitelist = av_strdup(s->format_whitelist);
+        if ((ret = ff_copy_whitelists(rt->asf_ctx, s)) < 0) {
+            av_dict_free(&opts);
+            return ret;
+        }

        ret = avformat_open_input(&rt->asf_ctx, "", &ff_asf_demuxer, &opts);
        av_dict_free(&opts);
--- a/libavformat/sapdec.c
+++ b/libavformat/sapdec.c
@ -160,9 +160,8 @@ static int sap_read_header(AVFormatContext *s)
    sap->sdp_ctx->pb        = &sap->sdp_pb;
    sap->sdp_ctx->interrupt_callback = s->interrupt_callback;

-    av_assert0(!sap->sdp_ctx->codec_whitelist && !sap->sdp_ctx->format_whitelist);
-    sap->sdp_ctx-> codec_whitelist = av_strdup(s->codec_whitelist);
-    sap->sdp_ctx->format_whitelist = av_strdup(s->format_whitelist);
+    if ((ret = ff_copy_whitelists(sap->sdp_ctx, s)) < 0)
+        goto fail;

    ret = avformat_open_input(&sap->sdp_ctx, "temp.sdp", infmt, NULL);
    if (ret < 0)
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@ -130,6 +130,19 @@ void av_format_inject_global_side_data(AVFormatContext *s)
    }
 }

+int ff_copy_whitelists(AVFormatContext *dst, AVFormatContext *src)
+{
+    av_assert0(!dst->codec_whitelist && !dst->format_whitelist);
+    dst-> codec_whitelist = av_strdup(src->codec_whitelist);
+    dst->format_whitelist = av_strdup(src->format_whitelist);
+    if (   (src-> codec_whitelist && !dst-> codec_whitelist)
+        || (src->format_whitelist && !dst->format_whitelist)) {
+        av_log(dst, AV_LOG_ERROR, "Failed to duplicate whitelist\n");
+        return AVERROR(ENOMEM);
+    }
+    return 0;
+}
+
 static const AVCodec *find_decoder(AVFormatContext *s, AVStream *st, enum AVCodecID codec_id)
 {
    if (st->codec->codec)