Recherche avancée

Sur d’autres sites (9191)

• Heroic Defender of the Stack

  27 janvier 2011, par Multimedia Mike — Programming

  Problem Statement

  I have been investigating stack smashing and countermeasures (stack smashing prevention, or SSP). Briefly, stack smashing occurs when a function allocates a static array on the stack and writes past the end of it, onto other local variables and eventually onto other function stack frames. When it comes time to return from the function, the return address has been corrupted and the program ends up some place it really shouldn’t. In the best case, the program just crashes ; in the worst case, a malicious party crafts code to exploit this malfunction.

  Further, debugging such a problem is especially obnoxious because by the time the program has crashed, it has already trashed any record (on the stack) of how it got into the errant state.

  Preventative Countermeasure

  GCC has had SSP since version 4.1. The computer inserts SSP as additional code when the -fstack-protector command line switch is specified. Implementation-wise, SSP basically inserts a special value (the literature refers to this as the ’canary’ as in "canary in the coalmine") at the top of the stack frame when entering the function, and code before leaving the function to make sure the canary didn’t get stepped on. If something happens to the canary, the program is immediately aborted with a message to stderr about what happened. Further, gcc’s man page on my Ubuntu machine proudly trumpets that this functionality is enabled per default ever since Ubuntu 6.10.

  And that’s really all there is to it. Your code is safe from stack smashing by default. Or so the hand-wavy documentation would have you believe.

  Not exactly

  Exercising the SSP

  I wanted to see the SSP in action to make sure it was a real thing. So I wrote some code that smashes the stack in pretty brazen ways so that I could reasonably expect to trigger the SSP (see later in this post for the code). Here’s what I learned that wasn’t in any documentation :

  SSP is only emitted for functions that have static arrays of 8-bit data (i.e., [unsigned] chars). If you have static arrays of other data types (like, say, 32-bit ints), those are still fair game for stack smashing.

  Evaluating the security vs. speed/code size trade-offs, it makes sense that the compiler wouldn’t apply this protection everywhere (I can only muse about how my optimization-obsessive multimedia hacking colleagues would absolute freak out if this code were unilaterally added to all functions). So why are only static char arrays deemed to be "vulnerable objects" (the wording that the gcc man page uses) ? A security hacking colleague suggested that this is probably due to the fact that the kind of data which poses the highest risk is arrays of 8-bit input data from, e.g., network sources.

  The gcc man page also lists an option -fstack-protector-all that is supposed to protect all functions. The man page’s definition of "all functions" perhaps differs from my own since invoking the option does not have differ in result from plain, vanilla -fstack-protector.

  The Valgrind Connection

  "Memory trouble ? Run Valgrind !" That may as well be Valgrind’s marketing slogan. Indeed, it’s the go-to utility for finding troublesome memory-related problems and has saved me on a number of occasions. However, it must be noted that it is useless for debugging this type of problem. If you understand how Valgrind works, this makes perfect sense. Valgrind operates by watching all memory accesses and ensuring that the program is only accessing memory to which it has privileges. In the stack smashing scenario, the program is fully allowed to write to that stack space ; after all, the program recently, legitimately pushed that return value onto the stack when calling the errant, stack smashing function.

  Valgrind embodies a suite of tools. My idea for an addition to this suite would be a mechanism which tracks return values every time a call instruction is encountered. The tool could track the return values in a separate stack data structure, though this might have some thorny consequences for some more unusual program flows. Instead, it might track them in some kind of hash/dictionary data structure and warn the programmer whenever a ’ret’ instruction is returning to an address that isn’t in the dictionary.

  Simple Stack Smashing Code

  Here’s the code I wrote to test exactly how SSP gets invoked in gcc. Compile with ’gcc -g -O0 -Wall -fstack-protector-all -Wstack-protector stack-fun.c -o stack-fun’.

  stack-fun.c :

  PLAIN TEXT

  C :

  1. /* keep outside of the stack frame */
  2. static int i ;
  3.  
  4. void stack_smasher32(void)
  5. {
  6.  int buffer32[8] ;
  7.  // uncomment this array and compile without optimizations
  8.  // in order to force this function to compile with SSP
  9. // char buffer_to_trigger_ssp[8] ;
  10.  
  11.  for (i = 0 ; i <50 ; i++)
  12.   buffer32[i] = 0xA5 ;
  13. }
  14.  
  15. void stack_smasher8(void)
  16. {
  17.  char buffer8[8] ;
  18.  for (i = 0 ; i <50 ; i++)
  19.   buffer8[i] = 0xA5 ;
  20. }
  21.  
  22. int main()
  23. {
  24. // stack_smasher8() ;
  25.  stack_smasher32() ;
  26.  return 0 ;
  27. }

  The above incarnation should just produce the traditional "Segmentation fault". However, uncommenting and executing stack_smasher8() in favor of stack_smasher32() should result in "*** stack smashing detected *** : ./stack-fun terminated", followed by the venerable "Segmentation fault".

  As indicated in the comments for stack_smasher32(), it’s possible to trick the compiler into emitting SSP for a function by inserting an array of at least 8 bytes (any less and SSP won’t emit, as documented, unless gcc’s ssp-buffer-size parameter is tweaked). This has to be compiled with no optimization at all (-O0) or else the compiler will (quite justifiably) optimize away the unused buffer and omit SSP.

  For reference, I ran my tests on Ubuntu 10.04.1 with gcc 4.4.3 compiling the code for both x86_32 and x86_64.

• Remove black frames and sync audio with ffmpeg

  24 janvier 2020, par rahim123

  I’m trying to figure out a way to automatically process .mp4 or .mkv videos that have been manually edited to remove a bunch of segments, leaving many blank spaces (black frames with no audio). I want to remove all but one black frame (although I would settle for removing all of them if it’s much simpler) and then also sync the audio after the video timings change.

  I found this question and tried the three main suggestions :

  1. ffmpeg -i in.mkv -vf mpdecimate,setpts=N/FRAME_RATE/TB out.mkv
  2. ffmpeg -i in.mkv -vf [mpdecimate][] out.mkv
  3. ffmpeg -i in.mkv -vf [decimate][]=cycle=6,[setpts][]=N/25/TB out.mkv

  The first one does eliminate the black segments, but it doesn’t sync the audio. The other two commands don’t work :

  > ffmpeg -i in.mp4 -vf [decimate][]=cycle=6,[setpts][]=N/25/TB out.mp4
  
  ffmpeg version 4.2.1 Copyright (c) 2000-2019 the FFmpeg developers
  
    built with gcc 9 (SUSE Linux)
  
    configuration: --prefix=/usr --libdir=/usr/lib64 --shlibdir=/usr/lib64 --incdir=/usr/include/ffmpeg --extra-cflags='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -g' --optflags='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -g' --disable-htmlpages --enable-pic --disable-stripping --enable-shared --disable-static --enable-gpl --disable-openssl --enable-avresample --enable-gnutls --enable-ladspa --enable-libaom --enable-libass --enable-libbluray --enable-libbs2b --enable-libcelt --enable-libcdio --enable-libcodec2 --enable-libdav1d --enable-libdc1394 --enable-libdrm --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libgsm --enable-libjack --enable-libmp3lame --enable-libmysofa --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librubberband --enable-libsoxr --enable-libspeex --enable-libssh --enable-libsrt --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvorbis --enable-libv4l2 --enable-libvpx --enable-libwebp --enable-libxml2 --enable-libzimg --enable-libzmq --enable-libzvbi --enable-lto --enable-lv2 --enable-libmfx --enable-vaapi --enable-vdpau --enable-libfdk-aac-dlopen --enable-nonfree --enable-libvo-amrwbenc --enable-version3 --enable-libx264 --enable-libx265 --enable-librtmp --enable-libxvid
  
    libavutil      56. 31.100 / 56. 31.100
  
    libavcodec     58. 54.100 / 58. 54.100
  
    libavformat    58. 29.100 / 58. 29.100
  
    libavdevice    58.  8.100 / 58.  8.100
  
    libavfilter     7. 57.100 /  7. 57.100
  
    libavresample   4.  0.  0 /  4.  0.  0
  
    libswscale      5.  5.100 /  5.  5.100
  
    libswresample   3.  5.100 /  3.  5.100
  
    libpostproc    55.  5.100 / 55.  5.100
  
  Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'in.mp4':
  
    Metadata:
  
      major_brand     : isom
  
      minor_version   : 512
  
      compatible_brands: isomiso2avc1mp41
  
      encoder         : Lavf58.20.100
  
    Duration: 00:34:23.62, start: 0.000000, bitrate: 506 kb/s
  
      Stream #0:0(und): Video: h264 (Main) (avc1 / 0x31637661), yuv420p(tv, smpte170m/unknown/smpte170m), 640x480 [SAR 1:1 DAR 4:3], 412 kb/s, 29.97 fps, 29.97 tbr, 1867500000.00 tbn, 59.94 tbc (default)
  
      Metadata:
  
        handler_name    : VideoHandler
  
      Stream #0:1(und): Audio: aac (LC) (mp4a / 0x6134706D), 48000 Hz, stereo, fltp, 86 kb/s (default)
  
      Metadata:
  
        handler_name    : SoundHandler
  
  Stream mapping:
  
    Stream #0:0 -> #0:0 (h264 (native) -> h264 (libx264))
  
    Stream #0:1 -> #0:1 (aac (native) -> aac (native))
  
  Press [q] to stop, [?] for help
  
  [AVFilterGraph @ 0x55ece8def080] Bad (empty?) label found in the following: "[]=cycle=6,[setpts][]=N/25/TB".
  
  Error reinitializing filters!
  
  Failed to inject frame into filter network: Invalid argument
  
  Error while processing the decoded data for stream #0:0
  
  [aac @ 0x55ece8c5be80] Qavg: 222.643
  
  [aac @ 0x55ece8c5be80] 2 frames left in the queue on closing
  
  Conversion failed!

  > ffmpeg -i in.mp4 -vf [decimate][]=cycle=6,[setpts][]=N/25/TB out.mp4
  
  ffmpeg version 4.2.1 Copyright (c) 2000-2019 the FFmpeg developers
  
    built with gcc 9 (SUSE Linux)
  
    configuration: --prefix=/usr --libdir=/usr/lib64 --shlibdir=/usr/lib64 --incdir=/usr/include/ffmpeg --extra-cflags='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -g' --optflags='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -g' --disable-htmlpages --enable-pic --disable-stripping --enable-shared --disable-static --enable-gpl --disable-openssl --enable-avresample --enable-gnutls --enable-ladspa --enable-libaom --enable-libass --enable-libbluray --enable-libbs2b --enable-libcelt --enable-libcdio --enable-libcodec2 --enable-libdav1d --enable-libdc1394 --enable-libdrm --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libgsm --enable-libjack --enable-libmp3lame --enable-libmysofa --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librubberband --enable-libsoxr --enable-libspeex --enable-libssh --enable-libsrt --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvorbis --enable-libv4l2 --enable-libvpx --enable-libwebp --enable-libxml2 --enable-libzimg --enable-libzmq --enable-libzvbi --enable-lto --enable-lv2 --enable-libmfx --enable-vaapi --enable-vdpau --enable-libfdk-aac-dlopen --enable-nonfree --enable-libvo-amrwbenc --enable-version3 --enable-libx264 --enable-libx265 --enable-librtmp --enable-libxvid
  
    libavutil      56. 31.100 / 56. 31.100
  
    libavcodec     58. 54.100 / 58. 54.100
  
    libavformat    58. 29.100 / 58. 29.100
  
    libavdevice    58.  8.100 / 58.  8.100
  
    libavfilter     7. 57.100 /  7. 57.100
  
    libavresample   4.  0.  0 /  4.  0.  0
  
    libswscale      5.  5.100 /  5.  5.100
  
    libswresample   3.  5.100 /  3.  5.100
  
    libpostproc    55.  5.100 / 55.  5.100
  
  Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'in.mp4':
  
    Metadata:
  
      major_brand     : isom
  
      minor_version   : 512
  
      compatible_brands: isomiso2avc1mp41
  
      encoder         : Lavf58.20.100
  
    Duration: 00:34:23.62, start: 0.000000, bitrate: 506 kb/s
  
      Stream #0:0(und): Video: h264 (Main) (avc1 / 0x31637661), yuv420p(tv, smpte170m/unknown/smpte170m), 640x480 [SAR 1:1 DAR 4:3], 412 kb/s, 29.97 fps, 29.97 tbr, 1867500000.00 tbn, 59.94 tbc (default)
  
      Metadata:
  
        handler_name    : VideoHandler
  
      Stream #0:1(und): Audio: aac (LC) (mp4a / 0x6134706D), 48000 Hz, stereo, fltp, 86 kb/s (default)
  
      Metadata:
  
        handler_name    : SoundHandler
  
  Stream mapping:
  
    Stream #0:0 -> #0:0 (h264 (native) -> h264 (libx264))
  
    Stream #0:1 -> #0:1 (aac (native) -> aac (native))
  
  Press [q] to stop, [?] for help
  
  [AVFilterGraph @ 0x558b0d48af80] Bad (empty?) label found in the following: "[]=cycle=6,[setpts][]=N/25/TB".
  
  Error reinitializing filters!
  
  Failed to inject frame into filter network: Invalid argument
  
  Error while processing the decoded data for stream #0:0
  
  [aac @ 0x558b0d2f7e80] Qavg: 222.643
  
  [aac @ 0x558b0d2f7e80] 2 frames left in the queue on closing
  
  Conversion failed!

  I also tried this script, but it also fails to sync the audio. I tried with both .mp4 and .mkv source files. Thanks for the help.

• avcodec/encode : Always use intermediate buffer in ff_alloc_packet2()

  11 mai 2021, par Andreas Rheinhardt

  avcodec/encode : Always use intermediate buffer in ff_alloc_packet2()
  Up until now, ff_alloc_packet2() has a min_size parameter :
  
  It is supposed to be a lower bound on the final size of the packet
  
  to allocate. If it is not too far from the upper bound (namely,
  
  if it is at least half the upper bound), then ff_alloc_packet2()
  
  already allocates the final, already refcounted packet ; if it is
  
  not, then the packet is not refcounted and its data only points to
  
  a buffer owned by the AVCodecContext (in this case, the packet will
  
  be made refcounted in encode_simple_internal() in libavcodec/encode.c).
  
  The goal of this was to avoid data copies and intermediate buffers
  
  if one has a precise lower bound.
  Yet those encoders for which precise lower bounds exist have recently
  
  been switched to ff_get_encode_buffer() (which automatically allocates
  
  final buffers), leaving only two encoders to actually set the min_size
  
  to something else than zero (namely aliaspixenc and hapenc). Both of
  
  these encoders use a very low lower bound that is not helpful in any
  
  nontrivial case.
  This commit therefore removes the min_size parameter as well as the
  
  codepath in ff_alloc_packet2() for the allocation of final buffers.
  
  Furthermore, the function has been renamed to ff_alloc_packet() and
  
  moved to encode.h alongside ff_get_encode_buffer().
  Signed-off-by : Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
  

  • [DH] libavcodec/aacenc.c
  • [DH] libavcodec/alacenc.c
  • [DH] libavcodec/aliaspixenc.c
  • [DH] libavcodec/asvenc.c
  • [DH] libavcodec/audiotoolboxenc.c
  • [DH] libavcodec/cfhdenc.c
  • [DH] libavcodec/cinepakenc.c
  • [DH] libavcodec/encode.c
  • [DH] libavcodec/encode.h
  • [DH] libavcodec/ffv1enc.c
  • [DH] libavcodec/flashsv2enc.c
  • [DH] libavcodec/flashsvenc.c
  • [DH] libavcodec/gif.c
  • [DH] libavcodec/hapenc.c
  • [DH] libavcodec/huffyuvenc.c
  • [DH] libavcodec/internal.h
  • [DH] libavcodec/j2kenc.c
  • [DH] libavcodec/lclenc.c
  • [DH] libavcodec/libfdk-aacenc.c
  • [DH] libavcodec/libilbc.c
  • [DH] libavcodec/libopencore-amr.c
  • [DH] libavcodec/libopenjpegenc.c
  • [DH] libavcodec/libopusenc.c
  • [DH] libavcodec/libspeexenc.c
  • [DH] libavcodec/libtwolame.c
  • [DH] libavcodec/libvo-amrwbenc.c
  • [DH] libavcodec/libxvid.c
  • [DH] libavcodec/ljpegenc.c
  • [DH] libavcodec/magicyuvenc.c
  • [DH] libavcodec/mlpenc.c
  • [DH] libavcodec/mpegaudioenc_template.c
  • [DH] libavcodec/mpegvideo_enc.c
  • [DH] libavcodec/msvideo1enc.c
  • [DH] libavcodec/opusenc.c
  • [DH] libavcodec/pcxenc.c
  • [DH] libavcodec/pngenc.c
  • [DH] libavcodec/proresenc_anatoliy.c
  • [DH] libavcodec/proresenc_kostya.c
  • [DH] libavcodec/qtrleenc.c
  • [DH] libavcodec/roqvideoenc.c
  • [DH] libavcodec/rpzaenc.c
  • [DH] libavcodec/sgienc.c
  • [DH] libavcodec/snowenc.c
  • [DH] libavcodec/sonic.c
  • [DH] libavcodec/sunrastenc.c
  • [DH] libavcodec/svq1enc.c
  • [DH] libavcodec/targaenc.c
  • [DH] libavcodec/tiffenc.c
  • [DH] libavcodec/ttaenc.c
  • [DH] libavcodec/utvideoenc.c
  • [DH] libavcodec/vorbisenc.c
  • [DH] libavcodec/wavpackenc.c
  • [DH] libavcodec/wmaenc.c
  • [DH] libavcodec/xbmenc.c