From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id BBF9140F8E for ; Wed, 13 Apr 2022 13:03:15 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id AE3B468B3C7; Wed, 13 Apr 2022 16:03:12 +0300 (EEST) Received: from out162-62-57-64.mail.qq.com (out162-62-57-64.mail.qq.com [162.62.57.64]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 999C768B0BB for ; Wed, 13 Apr 2022 16:03:05 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foxmail.com; s=s201512; t=1649854981; bh=huyXIa6nwC2pIqCV7QQTrHWJ1WWzQAH78krub6sZ8AY=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=evCW5TplgAR25kD3WLQmJ13o3Aspajp/XJ5nQB2ulcjb3IbcF6P5akfa2RvR5Nb7P 5VfGhwfrGYd6v2X+ekODZaHJWq0Dp/1FdjYI79RUYnMdiFHUJrcR0NkkKRPbGm5uOe txLJDtH5LF4OQcagXAjgNnXPqlWNeqRS2kUg3RpI= Received: from ZHILIZHAO-MB2.tencent.com ([113.108.77.51]) by newxmesmtplogicsvrszc9.qq.com (NewEsmtp) with SMTP id C02AA03; Wed, 13 Apr 2022 21:03:00 +0800 X-QQ-mid: xmsmtpt1649854980thxsje6h3 Message-ID: X-QQ-XMAILINFO: NiAdzfE16ND40AG1a1fWNdnFhtrZ4DkthL/qGAaAlEYLsYsBYYzE2wcOLhfsLo 2eK5gRNqoASXWPeZ31TxF6PZ4kCUijULhdMBAYt7bR8tF6xPsjMpbdHOERqAhtTN1/RofzzmIRho aCy+FAZpvPrnYLsiZuQYRI1ZNTuKC0DG5ssuFu+2Vwi9mV+BmYxPZyCcdIOkx13ceBve5potkW1Z 5oUSMrV+rs9aAb9pW6+M32qaiLjETZoZhaL+NfwuRnQUC1o1aLIFeVQsQlGbBjw84OD8gx8W9LYh tzSYLno+Z5sFlSvgSEan+BqCaGkD5KheaMV/uMW5i2oleC2xDntY5n8z/jEfaicytwvY7Z6EXXwx jwK/gmf8Yj0AH8uwVOQ0AsJuVUokTu0IWtoYAfW9xy+e12w7ae+1VIu4/8+QczPSZ297k0zRMzwd PvUfRBlwY2SU+hlsCuBbBU4Oyd3OL/X+SbRSqI0ivNIlpFMe6n95KuAS7soAi0TM5Kdm3Qz97iQJ haLmwbanmbzdZ3PCOqg2CT3pyWKqyzWuuQ5UwdSp0gCTeOUMK1eUG7qewj4Q7JW/fpVGkp8bnioP kxLmUM9f3lsGm46w28fpoTJ3Zqf0Uo/GsgHeYAUD+NHitlEEv5lL7dwzRJLszOgTJt09BYWhVdeX KZrKP2kTTM5mb5DuvYcwn9JPNgd895Dnndv0jSiYNNLqMEZpvb3CYMMoKnu3XjqLuSTTklQrdYWN ATvehl0ZgbqkjgxsVk+aqQUVIldgxTELWzdIbuDcl6L6sfDhM+fLE9SaWiP1UTn3oiO0mfKLxXhy aQHShWLdphQebaClgu4l5GhdJvP1aRyeRlblW6Ywk5XKMpEFz79yiMiibWPPjN5ner4I4JvIT3Jc sqUFZK+kbX7GRZnVbI9BmOivAbowJFAVqgpHvLs3kXTl7WZy49fRYxnDMieNkT6w== From: Zhao Zhili To: ffmpeg-devel@ffmpeg.org Date: Wed, 13 Apr 2022 21:02:58 +0800 X-OQ-MSGID: <20220413130258.69659-1-quinkblack@foxmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <164985079952.21047.6948837515637292729@lain.red.khirnov.net> References: <164985079952.21047.6948837515637292729@lain.red.khirnov.net> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH v2] avformat/hls: check IV size inside EXT-X-KEY X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Zhao Zhili Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Before the patch, an implicit padding on the right is applied for incomplete IV in manifest. No padding is allowed for IV inside EXT-X-KEY. --- libavformat/hls.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 83ff4cc607..312294f0c7 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -810,7 +810,12 @@ static int parse_playlist(HLSContext *c, const char *url, if (!strcmp(info.method, "SAMPLE-AES")) key_type = KEY_SAMPLE_AES; if (!av_strncasecmp(info.iv, "0x", 2)) { - ff_hex_to_data(iv, info.iv + 2); + int n = ff_hex_to_data(iv, info.iv + 2); + if (n != 16) { + av_log(c->ctx, AV_LOG_ERROR, "Incomplete IV '%s'\n", info.iv); + ret = AVERROR_INVALIDDATA; + goto fail; + } has_iv = 1; } av_strlcpy(key, info.uri, sizeof(key)); -- 2.31.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".