From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 465E649631 for ; Sun, 17 Mar 2024 02:36:56 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 023CF68D16C; Sun, 17 Mar 2024 04:36:54 +0200 (EET) Received: from mail-ej1-f53.google.com (mail-ej1-f53.google.com [209.85.218.53]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id A547668D050 for ; Sun, 17 Mar 2024 04:36:47 +0200 (EET) Received: by mail-ej1-f53.google.com with SMTP id a640c23a62f3a-a468226e135so225301866b.0 for ; Sat, 16 Mar 2024 19:36:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1710643006; x=1711247806; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=LbNRinWfWJDchW+yz0eDOE+DIRqEzOv3Zq2OFtPcqOY=; b=FXx0bhcGlon1U239t2Sj1SWVPVaUFAjLKxYFdJAbWl8jKpbQBIVDEy8rM555ywtn0d apCTHORMKdr1EYZ+0QaKkwM1SzFZBkUJ0DE+SyRoBnDSIhGLkZ2tkdCpl7Np20pZzkzo 2iWGTSEQ6hTV5cO+V37Qaj+NvZMDw2TJLdsN080OWRoE5FOAz1+aFJae1R1+Ps9iueh3 Sj2dIBsIEbalJOGhcJC3rcxNqc650y3ovFGl7Fu5wWHOCODmwzQpbCfpwyFRw5lwWKk/ uJVJGFqP2eZHsxUH2vmJwEGnRCetmjSa3hIye89qgSZ1EFpvASkd47OfuNoxelH1CoCD dvvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710643006; x=1711247806; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=LbNRinWfWJDchW+yz0eDOE+DIRqEzOv3Zq2OFtPcqOY=; b=R+kJKiQNSdko3yLyqfU8IVy3kLj5XfjEELRStBXVoEsgj10sZFo8VukW+6oSKtJDOs 3yOhBS+3g/xrn7BXGp5P9/hEwdsnnr58iM+hX2+ubZrfQrfHDtFSe1KCTMIV/Wc9lpXO 6sOqsn6maGKm9lAlAwxXSs52x/wtc5VJgzICOngydlfAu/2URYZIOuxjnv3S/NXLUMMY vlNuGLxu6GSqKxmhPnnv44n2EA7GsGFxd25goN35IORY/NdCcmWishuC4KM+z8ZxEsNR lcC+WJ/pEKjx19Apaj/+HpsSq6lEDNdP7yDzAVmZxEUcQP38QZq5WFFkzT7xNzD7WSYM QUYA== X-Gm-Message-State: AOJu0YxVi/n6kfxnkE78Q+H2VIVqmPcl+JbpqGpkvwOrDucjKwNwUGie KAcmoDTBEJ17UZv8Uqna4SsolGSrW9WNzoNoG4BQUvyzshjtx0nCh3RJB5wf X-Google-Smtp-Source: AGHT+IGewKdayHkgt0pSbfBz1QerAQXERVgUKNHUbCx32MIx1Y0RDU3rXxmDrcFnNNx5KezX9ZQkIw== X-Received: by 2002:a17:906:355a:b0:a46:9671:b461 with SMTP id s26-20020a170906355a00b00a469671b461mr2922704eja.61.1710643006465; Sat, 16 Mar 2024 19:36:46 -0700 (PDT) Received: from localhost.localdomain (89-74-109-154.dynamic.chello.pl. [89.74.109.154]) by smtp.gmail.com with ESMTPSA id rf22-20020a1709076a1600b00a450b817705sm3332387ejc.154.2024.03.16.19.36.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 16 Mar 2024 19:36:46 -0700 (PDT) From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?= To: ffmpeg-devel@ffmpeg.org Date: Sun, 17 Mar 2024 03:36:16 +0100 Message-ID: <20240317023628.1936-1-kasper93@gmail.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] avformat/hls: update current segment reference before use X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: =?UTF-8?q?Kacper=20Michaj=C5=82ow?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: It may be invalidated by the time it is used. Fixes use after free when accessing current segment. Fixes: #10825 --- libavformat/hls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/hls.c b/libavformat/hls.c index f6b44c2e35..94bc6bc064 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -2098,6 +2098,7 @@ static int hls_read_header(AVFormatContext *s) * If encryption scheme is SAMPLE-AES and audio setup information is present in external audio track, * use that information to find the media format, otherwise probe input data */ + seg = current_segment(pls); if (seg && seg->key_type == KEY_SAMPLE_AES && pls->is_id3_timestamped && pls->audio_setup_info.codec_id != AV_CODEC_ID_NONE) { void *iter = NULL; @@ -2124,6 +2125,7 @@ static int hls_read_header(AVFormatContext *s) av_free(url); } + seg = current_segment(pls); if (seg && seg->key_type == KEY_SAMPLE_AES) { if (strstr(in_fmt->name, "mov")) { char key[33]; @@ -2170,6 +2172,7 @@ static int hls_read_header(AVFormatContext *s) * on us if they want to. */ if (pls->is_id3_timestamped || (pls->n_renditions > 0 && pls->renditions[0]->type == AVMEDIA_TYPE_AUDIO)) { + seg = current_segment(pls); if (seg && seg->key_type == KEY_SAMPLE_AES && pls->audio_setup_info.setup_data_length > 0 && pls->ctx->nb_streams == 1) ret = ff_hls_senc_parse_audio_setup_info(pls->ctx->streams[0], &pls->audio_setup_info); -- 2.43.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".