[FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.
derek.buitenhuis at gmail.com
Wed Nov 1 16:46:56 EET 2017
On 11/1/2017 2:25 PM, Carl Eugen Hoyos wrote:
> It appears to me that the alac decoder can be used for DoS, the attached patch
> limits the maximum frame size to eight times the default value.
> (Higher values brake our encoder here.)
Since the official ALAC encoder/decoder are open ource nowadays, I took a look
a its source, and it doesn't seem to set any such limit in the encoder or decoder.
So, isn't it possible this arbitrary hardcoded limit breaks valid files?
More information about the ffmpeg-devel