[FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.
Paul B Mahol
onemda at gmail.com
Wed Nov 1 16:40:52 EET 2017
On 11/1/17, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
> Hi!
>
> It appears to me that the alac decoder can be used for DoS, the attached
> patch
> limits the maximum frame size to eight times the default value.
> (Higher values brake our encoder here.)
>
> Please comment and / or suggest another value, Carl Eugen
>
So alac encoder can not handle bigger frames or what?
Look at other alac encoders, what are their limit on frame size?
The limit you set is too low IMHO.
More information about the ffmpeg-devel
mailing list