aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat/mov.c
diff options
context:
space:
mode:
authorShuangxiLi <lishuangxi@huawei.com>2022-07-02 15:40:57 +0800
committerMarton Balint <cus@passwd.hu>2022-07-12 18:48:54 +0200
commit046b05082dee1df500fc36b3db884101f7449383 (patch)
tree8930b4ad434542764032369c46b8b3ad194dd59f /libavformat/mov.c
parent9222965fdd9594ff9e921d4ad25beac4eefa2373 (diff)
downloadffmpeg-046b05082dee1df500fc36b3db884101f7449383.tar.gz
avformat/mov: fix possible crash in cenc_scheme_decrypt
Data does not have to be decrypted in 16-byte blocks for AES-CTR mode, so existing buggy code can be hugely simplified. Fixes ticket #9829. Signed-off-by: Marton Balint <cus@passwd.hu>
Diffstat (limited to 'libavformat/mov.c')
-rw-r--r--libavformat/mov.c29
1 files changed, 2 insertions, 27 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 6eb631d45b..29828ea7e6 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -6824,9 +6824,6 @@ static int cenc_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption
{
int i, ret;
int bytes_of_protected_data;
- int partially_encrypted_block_size;
- uint8_t *partially_encrypted_block;
- uint8_t block[16];
if (!sc->cenc.aes_ctr) {
/* initialize the cipher */
@@ -6849,8 +6846,6 @@ static int cenc_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption
return 0;
}
- partially_encrypted_block_size = 0;
-
for (i = 0; i < sample->subsample_count; i++) {
if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) {
av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n");
@@ -6863,28 +6858,8 @@ static int cenc_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryption
/* decrypt the encrypted bytes */
- if (partially_encrypted_block_size) {
- memcpy(block, partially_encrypted_block, partially_encrypted_block_size);
- memcpy(block+partially_encrypted_block_size, input, 16-partially_encrypted_block_size);
- av_aes_ctr_crypt(sc->cenc.aes_ctr, block, block, 16);
- memcpy(partially_encrypted_block, block, partially_encrypted_block_size);
- memcpy(input, block+partially_encrypted_block_size, 16-partially_encrypted_block_size);
- input += 16-partially_encrypted_block_size;
- size -= 16-partially_encrypted_block_size;
- bytes_of_protected_data = sample->subsamples[i].bytes_of_protected_data - (16-partially_encrypted_block_size);
- } else {
- bytes_of_protected_data = sample->subsamples[i].bytes_of_protected_data;
- }
-
- if (i < sample->subsample_count-1) {
- int num_of_encrypted_blocks = bytes_of_protected_data/16;
- partially_encrypted_block_size = bytes_of_protected_data%16;
- if (partially_encrypted_block_size)
- partially_encrypted_block = input + 16*num_of_encrypted_blocks;
- av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, 16*num_of_encrypted_blocks);
- } else {
- av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, bytes_of_protected_data);
- }
+ bytes_of_protected_data = sample->subsamples[i].bytes_of_protected_data;
+ av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, bytes_of_protected_data);
input += bytes_of_protected_data;
size -= bytes_of_protected_data;