From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id CD9A94A614
	for <ffmpegdev@gitmailbox.com>; Mon,  1 Apr 2024 21:36:08 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id DFED668CF84;
	Tue,  2 Apr 2024 00:36:05 +0300 (EEST)
Received: from EUR03-AM7-obe.outbound.protection.outlook.com
 (mail-am7eur03olkn2033.outbound.protection.outlook.com [40.92.59.33])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 442AF68CC3B
 for <ffmpeg-devel@ffmpeg.org>; Tue,  2 Apr 2024 00:35:59 +0300 (EEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=iZSXg5eEXUOK9+H5ibCcX7ABGn82E9EUNVtsJ4HDx6E8KErwR34z5Io0qj+Qolx4hKegC+O18e9nBEyuaElgwGreocKoiLgap9XFTRnuIr2ehcP+mRk1MSVIwnJj/5UGaX6Twb8YIPgAv/aYPynt/NpBsamVU63j6acfFqDCznkKlXgFJaBLn+tAi+2t1kcMYV6nSWPh33djOaVLb/IIizO3l2QX3oPZHdHeSYqVknQ+AG+Hj2Iw8LyDVZX3vlNrfv9qgsAh81esQ6CLaeU8yPNBzfmmIKNLyix6lYMcFF5G/WT6BUt1CCqaUdRdYyRWp4KB6UFx09mh+FYTjcVE9Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=+1fsoRdy08niY6t/ySXFe2bD8ED43il/bJLEdshXQHY=;
 b=KfTrAI0r9+3M6W6e+fGwPn4MgGlLy7+bITcW4NM/nDuWMZBpbnC2bVOmA+AgNx106rEwWcODKGesklzHRq4BqCoWsiSmdi3C0FuMAjFRzgK4/b58VbZNVxcUrCwD7yPnUhKiCgxAILAmYWCJnP1vlSe3q5Z9OkPH4dV1FKX2WVMWtafBAlvtADzhFS0XBsAPyQ4xTi3q9B+ae6826L9ocFAKaTdjreuJvDJnWKHNeKvLMZ66LT+xg0EN1rm3tYC+bsiCba1nXksoYfMpKAVsyjmKlkAjLEeGNICVTPFoyVVQrRxSGz/mrHJy9jQez/loX5oG6W/O4WKNCsxlMgG8pg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=+1fsoRdy08niY6t/ySXFe2bD8ED43il/bJLEdshXQHY=;
 b=bGGT5C6H6qlR1WX3btMqekPtfFH3nZ+AOV/xNhwQ374Kkm/RHuPvjlJCKy4wbJ10dOeozJrMhT5pj4xFT5g6wowji6YF5VKelkb7uEnPLxCkIFATKUSWPNgwJb0gqD96NtzcCtkayNjshUrHNBAGUhcqokNuUcTYcm/rjcnYjC6ufdFtUN5ScBOs5BogCcekmGnsgaL25dYIjyUbvv0n/yiu1vysthOeIEhySaDbj+PdJtYnCMPJG1fMU5ZWq0Nafrudae1hQdeKMbpyEfA7F9tYaAaUtvq0wX3UE7ir/OH0Gtn6cZxIE24YZAHeKUPRGNgEGTGbN8P1X5qkYgot2A==
Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM (2603:10a6:150:8e::17)
 by AS4P250MB0486.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:4b5::22) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.46; Mon, 1 Apr
 2024 21:35:58 +0000
Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
 ([fe80::4a3b:cf76:cddc:c68d]) by GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
 ([fe80::4a3b:cf76:cddc:c68d%4]) with mapi id 15.20.7409.042; Mon, 1 Apr 2024
 21:35:57 +0000
Message-ID: <GV1P250MB0737D39B96BD2B982DE7E9658F3F2@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM>
Date: Mon, 1 Apr 2024 23:35:56 +0200
User-Agent: Mozilla Thunderbird
To: ffmpeg-devel@ffmpeg.org
References: <20240401205607.9093-1-michael@niedermayer.cc>
 <20240401205607.9093-4-michael@niedermayer.cc>
Content-Language: en-US
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
In-Reply-To: <20240401205607.9093-4-michael@niedermayer.cc>
X-TMN: [xK0EFbBDdCDitokLMrc8f23dyn8ZtZSqnv/pS2GsHPU=]
X-ClientProxiedBy: FR3P281CA0199.DEUP281.PROD.OUTLOOK.COM
 (2603:10a6:d10:a5::16) To GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
 (2603:10a6:150:8e::17)
X-Microsoft-Original-Message-ID: <9d705513-da75-4409-8b04-af7ab9ed3a03@outlook.com>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: GV1P250MB0737:EE_|AS4P250MB0486:EE_
X-MS-Office365-Filtering-Correlation-Id: 7d87fc94-894e-4784-a180-08dc5293b7c4
X-MS-Exchange-SLBlob-MailProps: YfhX3sd/0TXHfcYvjh7tbFT4XexNU2oQ226jNU8ENhutlDtbIkg65OhjzTMsBrZeHe27IyDelmeWgCGGt+anG8v7PH5RR/zvi3rjl5qaBg14V4IYiFiQ3MXvM7zMMCjzSIfhnPAD6AtA/tPRVhpaGgLkopB/hCy8eKFlejULCC2wm5nK/0Y5xTkL7Ch9XUYBcUSDGn1XGdzIeJrTeEzQZR72Bnaj1gntu6Z9tWy4GyEziAPNuooEW8Mb3pRQeaGYoc9ygCxAD4eyvTfINLD+1VlFGQiTaXXjdxSwWz0+8Ff9O9DBQvwcw9l+SUC60IviuXRxjnA/WY89EEsf3Y7Xp7Sn7LgDWd06hPEotAyPgxvxCxCPgiy1noXMQqvOd+JPfkDFUVXR8IQLenrfW2wIJfBkzF8WfpgCdjE6sfEoTC5biUc06F6X1ZK8UVJtqyeFSwpPhBcsICDz/8v1plG2FuWSuMNJEDjMU0VK9kcKkj5wnpQYTS5tyw11ZEbvnxxX6ZG9GoFFIhTxOpyiPvVojEOZA/UWm0ZUtx8MS5vb6g5vEiGqY8Rd0C6XE0yJU+66l5Ou+tI0EHlxOnh+P+a029uAOitcrR9Qs9gkFMhcDmiJkOReHlGvgFjbwNMgwjwgQ2HrFHvtE3QQozS03NkMQ0D7g95tPBidNxhYXXcxOwP0J3TbTnRYDhxf2fVdoRu1VtYqlcUmPYDqXmAbgPSmkxzEoDpGj+bKg0Ml1ObtuvBdadAgB++A945C5nW26Ccb38X7YbjBSunra1VeMLKUo2P1w8Hk0fdoQ5E8Ee9gVko=
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: SgaoBPwLM2P5niQyDdMLjuS2uvh1MLCF4AtFb+GKPBHzFod42T4LLgdTdQ9hji/2Faj904X09zYrSkWl5GV3JmogluOwabGlN9ziTltE5MCXT7IykPpstpAYjoTTt2lzjeG1Ibw4cEGyQTB5DMgUTtJRbsTPu5YV3JySLUh/cK3g02/zsGwCCMx+nIfR0lmW8f+cPUO6NmSTIR7rPVdakJSYUzi8EP494wFw1gn8d78tpw0+Hp72XzbBin5L+Uv7tO8Sm9y8RDG+W07MTuuvgUg3mUouKW7SMUq1BP6ddhPUDn5r+Jjeluaver5A4aZK6oVzcJuuLLPCLXRkbCicQ94gDh1SGfiI4ph3XjKTytYyxDsUv/8OHK+J0QvuxUyNzccdy7cvAVFePtt4ilgBjldBZGhOo2BEhpZ9pweOMT1tFD3k23q874i6Jkch6IOKei1pwWtgzUO1u+BrtnUAOeA/tQHm/V7f5aLogJQIY36pBtICTCNo5Gi7HCTgWTXmjcNm+9WuOh7YpsF6blY3c04xh1FSTRGDD5u6oJwVLZPuSD2JPdWE89Wmi0HuGdSTovSB9zlvPOchmwIxQClK1YcRylPiCYSqVHupOv1lvzB45VTVH2V2uFsXVVe3a0SxfHJ/Va9EyYBQqcxTAmVVwoGQRASyxcyXnY86fLUm3LU=
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?VFBVT3BmUjA5VWxKbXJLUWpUbklOYUJqZkZRQ0FMS3NNMW8zVEFVMkRCTmlD?=
 =?utf-8?B?U0xVYkNUdDhtdEQ0b1ZzVW1ibHJvUXFzRTlmL3NGTTlEME5kVHgzTkdVTnZL?=
 =?utf-8?B?NmtSMFZIQjBlL2ZreHhRNWxyT3k4NUdVZkk1NVBueGtCWjhIYXV4WGtNWC9N?=
 =?utf-8?B?ckd6V0JYbW4xNmtuYXVyMHZ4TERncXB3Zk9iczZ3K0Q1Zm8zaW1HSGlLa01i?=
 =?utf-8?B?ZkFTVUJoZldadWNMbW00SVhUZUdJYzlwbXVETjBWUG1LYldHNnlDRitVN3F5?=
 =?utf-8?B?a2dqbFpqN1R5cEh5bFlVVmkySm4xdi8vWkN3dXZ2UWlDajExd2M3bXNEYVVZ?=
 =?utf-8?B?eEh5Y0ZBd0RFc243NFh6L0pDV1ViemRRdUpBQ0dHbXMwT2ZMc2IycndCaVY5?=
 =?utf-8?B?OGsxc0l2TkIxdk44Q0FlajZPMkRnM21NOEVRYmlubnlnMEpMQkhHN2RDcDFa?=
 =?utf-8?B?N3c5RUJudFN3SlZKdzlPc2IyWjZnTXRmSjMwblE4cHNLRE5mejZSRFQvc2tI?=
 =?utf-8?B?Yk5FNjcrUG9TRFVKdUp1ejZ1RmJZZUFzVGZtdlNqMUszRjcreE9PS3Vyd3Jn?=
 =?utf-8?B?V3lzSkVHUmxPQWtsdkozTlRaQXV0K1A0MUU0eHFlY1psOFBkVjd0SHkydVor?=
 =?utf-8?B?UGpWSktDTSs1K3paOXZobFFJMjVLY1VrbVpGRnhNamNyWkl6bFIvNU1wUjVS?=
 =?utf-8?B?WFcrNWxUOHZzUjhhaFFySEEvaFdNRGlkYW5Pckt1NnVaNTBFc0I2djJCQ2hH?=
 =?utf-8?B?ZEtpZkw0dnQ2RTF4VjZwd0EreGpaOENjNSszMHI4MlB3QUZnZnE0TWlyTGxH?=
 =?utf-8?B?OVoxL3pCbTM0a3dnMkFUeGpSdDZNUFRBSFljek9wb1M0R1BjNXk4Z215Rm9n?=
 =?utf-8?B?ejh5K3B2SXg4NmJJanRiNlhzbGhWYklCMzVMMytWaDdJeDR3Z3J2K3ZWd0lK?=
 =?utf-8?B?MG5wbUxxYnNsSERmRW5WT25KTE9KekJveU5Kczh1YkppdmVnTHdFT2hmWW8y?=
 =?utf-8?B?UlNtaW5lbXlEd2tpVlFJem5zSGhheS9CK1dqelNSczZ6SXYxbHhKRVFRMmNT?=
 =?utf-8?B?blhDMUNBWTlSaUZQMDhlSGo0M25CaGJaK2Q2NDhacEMwUlo1OGtCOHJvaFhx?=
 =?utf-8?B?UUdRYlFxdkpRTUx4WkRibmVFV3lPeWJGUGVySmNKWkF0RXpQNTFEd3JPcG90?=
 =?utf-8?B?clk4MjR3aGwxdzJpT2pjTmNELzVPdVVZMXRuVmtOVVhETUNYQVJpenpYcE1D?=
 =?utf-8?B?ZW1uUFRsazlWV2V0c2hrNC9NVzdDTGNoTUJvNExIbW1zcGNLblBWQmxVUytO?=
 =?utf-8?B?Q01nWUFUMDcrVzJpZGhRb1I5R1BoR3EzRmh3N2JKeURvZTNTVHFKNWozSCtX?=
 =?utf-8?B?RHhFQ2hlOXF1TEJtUEwwc1dVb3g1K09pVjJ5Mk1DQVV3cG1JeUQ3bHBSMnRI?=
 =?utf-8?B?MFYrbTdqMUVjR0pJSnd4MmtUa25iOUtmOFJVYktKcm9CREVPcXhEcUY4elBL?=
 =?utf-8?B?aURrL1BJeVQ3bEV4ZEwxUk5MQmMrMXJPVU5kNy9HejgyeW5admV1MHJ5R2lr?=
 =?utf-8?B?R2Vtb0xBZDhSOWVrZTJ0TjJLdUpucXpaNS9Ja21MK3g5amNaaXo2YkFyN01X?=
 =?utf-8?B?MmFlaVhRZys4RjQ2bFV2SU40b3F5enc4dWYxc3lwbm9xUEhsbUNPUWF2bkZx?=
 =?utf-8?B?akpteDNNS0w1VStaQy9JK1FibTN3eXRSNGFMYVB2NDJDNTZ3dkxsb3Z3PT0=?=
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7d87fc94-894e-4784-a180-08dc5293b7c4
X-MS-Exchange-CrossTenant-AuthSource: GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2024 21:35:57.8433 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4P250MB0486
Subject: Re: [FFmpeg-devel] [PATCH 4/6] avformat/demux_utils: Avoid leaking
 the packet in ff_add_attached_pic()
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/GV1P250MB0737D39B96BD2B982DE7E9658F3F2@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

Michael Niedermayer:
> Fixes: memleak
> Fixes: 67714/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5671570999476224
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavformat/demux_utils.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/demux_utils.c b/libavformat/demux_utils.c
> index 86f551245be..96e6e20d1ec 100644
> --- a/libavformat/demux_utils.c
> +++ b/libavformat/demux_utils.c
> @@ -123,9 +123,9 @@ int ff_add_attached_pic(AVFormatContext *s, AVStream *st0, AVIOContext *pb,
>      if (!st && !(st = avformat_new_stream(s, NULL)))
>          return AVERROR(ENOMEM);
>      pkt = &st->attached_pic;
> +    av_packet_unref(pkt);
>      if (buf) {
>          av_assert1(*buf);
> -        av_packet_unref(pkt);
>          pkt->buf  = *buf;
>          pkt->data = (*buf)->data;
>          pkt->size = (*buf)->size - AV_INPUT_BUFFER_PADDING_SIZE;

This seems to be from the ff_add_attached_pic() call in
mov_read_chapters() with the referenced stream having been created in
mov_read_covr(). The latter does not set a proper id -- it just takes
what avformat_new_stream() sets as id on every new stream (namely zero).
So it makes no real sense to compare it to the ids contained in
chapter_tracks (can really every track be reinterpreted as chapter
track?). But I am no mov/mp4 expert.
Anyway, does the following fix it?

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 7bdeeb99f9..51d97296f1 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -8820,7 +8820,7 @@ static void mov_read_chapters(AVFormatContext *s)

         if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) {
             st->disposition |= AV_DISPOSITION_ATTACHED_PIC |
AV_DISPOSITION_TIMED_THUMBNAILS;
-            if (sti->nb_index_entries) {
+            if (!st->attached_pic.data && sti->nb_index_entries) {
                 // Retrieve the first frame, if possible
                 AVIndexEntry *sample = &sti->index_entries[0];
                 if (avio_seek(sc->pb, sample->pos, SEEK_SET) !=
sample->pos) {
s

- Andreas

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".