From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Wed, 11 Jun 2025 00:10:48 +0200
Message-ID: <20250610221048.GW29660@pb2>
References: <20250610034528.30157-1-pkoshevoy@gmail.com> <20250610133859.GU29660@pb2> <20250610152918.GV29660@pb2>
Subject: Re: [FFmpeg-devel] [PATCH] avformat/demux: Fix segfault due to avcodec_open2 failure (v2)

Hi Pavel

On Tue, Jun 10, 2025 at 11:27:37AM -0600, Pavel Koshevoy wrote:
> On Tue, Jun 10, 2025 at 9:29 AM Michael Niedermayer
[...]
> I have never had any intention of introducing a
> security vulnerability.

do you agree that the patch should be reverted?
(and also the 2 backports of it)

> > If people want to keep this, it should be behind a flag and
> > disabled by default.
>
> I am not familiar with such flags ... are you suggesting a compile-time
> flag, or a run-time flag?
> A runtime flag would be preferable, because that would save me from having
> to cross-compile win64 ffmpeg libs myself.

runtime

> > It's not enough to fix our code that crashes, other applications
> > similarly won't expect such id and type changes mid stream
>
> IDK how likely a media type change is outside the 1_poc.mp4.

100% likeliness an exploit of this will use it

> The sample
> files I have don't do that.

Your sample files are not exploits I assume. So obviously they don't

> I can provide a 61MB clip of one such file, just a few seconds of SDR mpeg2
> video/audio slate followed by a few seconds of HDR10 hevc video and eac3
> audio... in case someone wants to work on making fftools support this.

This file certainly is valuable and should be added to samples.ffmpeg.org
BUT this security issue needs to be fixed, regardless of anyone adding
support for such samples

I don't think backporting midstream codec_id/type changes is a good idea btw.

IMHO this should all be reverted (it's a small 3 line patch) and then
again start from scratch with review, testing, fuzzing, and runtime flag.

PS: The researcher also wants a CVE# for this issue.

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

What is money laundering? It's paying someone and not telling the government.