[FFmpeg-devel] [PATCH] latmenc: validate extradata size.

Kieran Kunhya kierank at ob-encoder.com
Wed Apr 11 21:46:41 CEST 2012


On Wed, Apr 11, 2012 at 8:39 PM, Reimar Döffinger
<Reimar.Doeffinger at gmx.de> wrote:
> On Wed, Apr 11, 2012 at 08:22:59PM +0100, Kieran Kunhya wrote:
>> Imho should be checked somewhere else since broken extradata sizes
>> should be sanity check for all types of 14496-3.
>
> What do you mean by "somewhere else" exactly?
> Also I have no real reason to believe that there is any
> specific size that is "broken", I see no reason why the extradata
> of an AAC stream on mov couldn't be 50 MB and still be
> "valid" even if silly.
> The only reasons to check it here are
> a) the format has a rather strict limit on the overall data size, so
> this might allow catching some things that are sure to fail early on
> b) far more importantly, the current code is potentially exploitable
> and that is the least effort way to plug the hole I can see.

Is extradata for AAC in mov meant to be more than just GASpecificConfig?
There's no documentation anywhere for AAC extradata.


More information about the ffmpeg-devel mailing list