[FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

Carl Eugen Hoyos ceffmpeg at gmail.com
Sat Nov 4 02:05:58 EET 2017


2017-11-01 17:03 GMT+01:00 Carl Eugen Hoyos <ceffmpeg at gmail.com>:
> 2017-11-01 17:01 GMT+01:00 Paul B Mahol <onemda at gmail.com>:
>> On 11/1/17, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
>>> 2017-11-01 15:40 GMT+01:00 Paul B Mahol <onemda at gmail.com>:
>>>> On 11/1/17, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
>>>>> Hi!
>>>>>
>>>>> It appears to me that the alac decoder can be used for DoS,
>>>>> the attached patch limits the maximum frame size to eight
>>>>> times the default value.
>>>>> (Higher values break our encoder here.)
>>>>>
>>>>> Please comment and / or suggest another value, Carl Eugen
>>>>>
>>>>
>>>> So alac encoder can not handle bigger frames or what?
>>>>
>>>> Look at other alac encoders, what are their limits on frame size?
>>>
>>> I am not sure if it is enough to look at Apple's encoder, after
>>> all, their decoder looks exploitable (or maybe I miss something).
>>>
>>>> The limit you set is too low IMHO.
>>>
>>> Could you suggest a limit that's below the several-GB area?
>>
>> I remember some lossless audio codecs can have very big
>> frames, several MB.
>
> So what about 4096 * 4096 as an arbitrary limit?

Any opinion?

Carl Eugen

