Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH] avformat/demux: Fix segfault due to avcodec_open2 failure (v2)
Date: Wed, 11 Jun 2025 00:10:48 +0200
Message-ID: <20250610221048.GW29660@pb2> (raw)
In-Reply-To: <CAJgjuowT8mz9=xHoAHx2dhg3r_ECcr97x+4LVQ7DXPy-0fvsKA@mail.gmail.com>



Hi Pavel

On Tue, Jun 10, 2025 at 11:27:37AM -0600, Pavel Koshevoy wrote:
> On Tue, Jun 10, 2025 at 9:29 AM Michael Niedermayer <michael@niedermayer.cc>
[...]

> I have never had any intention of introducing a
> security vulnerability.

Do you agree that the patch should be reverted?
(and also the 2 backports of it)


> > If people want to keep this, it should be behind a flag and
> > disabled by default.
>
> I am not familiar with such flags ... are you suggesting a compile-time
> flag, or a run-time flag?
> A runtime flag would be preferable, because that would save me from having
> to cross-compile win64 ffmpeg libs myself.

runtime


> > It's not enough to fix our code that crashes; other applications
> > similarly won't expect such id and type changes mid-stream.
>
> IDK how likely a media type change is outside the 1_poc.mp4.

100% likelihood that an exploit of this will use it


> The sample
> files I have don't do that.

Your sample files are not exploits, I assume. So obviously
they don't.


> I can provide a 61MB clip of one such file, just a few seconds of SDR mpeg2
> video/audio slate followed by a few seconds of HDR10 hevc video and eac3
> audio... in case someone wants to work on making fftools support this.

This file certainly is valuable and should be added to samples.ffmpeg.org

BUT this security issue needs to be fixed, regardless of
anyone adding support for such samples

I don't think backporting mid-stream codec_id/type changes is a good
idea, by the way.

IMHO this should all be reverted (it's a small 3-line patch)
and then start again from scratch with review, testing, fuzzing, and a
runtime flag.

PS: The researcher also wants a CVE# for this issue.

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

What is money laundering? It's paying someone and not telling the government.

