[FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

Carl Eugen Hoyos ceffmpeg at gmail.com
Sat Nov 4 18:09:43 EET 2017


2017-11-04 10:23 GMT+01:00 Paul B Mahol <onemda at gmail.com>:
> On 11/4/17, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
>> 2017-11-01 17:03 GMT+01:00 Carl Eugen Hoyos <ceffmpeg at gmail.com>:
>>> 2017-11-01 17:01 GMT+01:00 Paul B Mahol <onemda at gmail.com>:
>>>> On 11/1/17, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
>>>>> 2017-11-01 15:40 GMT+01:00 Paul B Mahol <onemda at gmail.com>:
>>>>>> On 11/1/17, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
>>>>>>> Hi!
>>>>>>>
>>>>>>> It appears to me that the alac decoder can be used for DoS,
>>>>>>> the attached patch limits the maximum frame size to eight
>>>>>>> times the default value.
>>>>>>> (Higher values break our encoder here.)
>>>>>>>
>>>>>>> Please comment and / or suggest another value, Carl Eugen
>>>>>>>
>>>>>>
>>>>>> So alac encoder can not handle bigger frames or what?
>>>>>>
>>>>>> Look at other alac encoders, what are their limit on frame size?
>>>>>
>>>>> I am not sure if it is enough to look on Apple's encoder, after
>>>>> all, their decoder looks exploitable (or maybe I miss something).
>>>>>
>>>>>> The limit you set is too low IMHO.
>>>>>
>>>>> Could you suggest a limit that's below the several-GB area?
>>>>
>>>> I remember some lossless audio codecs can have very big
>>>> frames, several MB.
>>>
>>> So what about 4096 * 4096 as an arbitrary limit?
>>
>> Any opinion?
>
> ok

Patch applied.

Thank you, Carl Eugen
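
An added illustration (not the applied patch, which is not shown in this message, and not FFmpeg code) of the check the thread settles on: reject a header-declared frame size above 4096 * 4096 before any buffer is sized from it. The 5-byte header layout, the channel cap and all names are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Cap agreed in the thread: 4096 * 4096 samples per frame. */
#define MAX_SAMPLES_PER_FRAME (4096u * 4096u)
#define MAX_CHANNELS 8u /* assumption for this example */
/* Hypothetical simplified header: 4-byte big-endian frame size, 1-byte channels. */
struct frame_cfg { uint32_t samples_per_frame; uint8_t channels; };

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns 0 and fills *out if the declared sizes are sane, -1 otherwise. */
int parse_frame_cfg(const uint8_t *hdr, size_t len, struct frame_cfg *out)
{
    if (len < 5)
        return -1;
    uint32_t n = rd_be32(hdr);
    if (n == 0 || n > MAX_SAMPLES_PER_FRAME)
        return -1; /* untrusted size field: refuse before sizing any buffer */
    if (hdr[4] == 0 || hdr[4] > MAX_CHANNELS)
        return -1;
    out->samples_per_frame = n;
    out->channels = hdr[4];
    return 0;
}

/* Bytes for one int32_t sample buffer per channel; 0 if size_t would overflow. */
size_t frame_buffer_bytes(const struct frame_cfg *cfg)
{
    if (!cfg->channels || cfg->samples_per_frame > SIZE_MAX / sizeof(int32_t) / cfg->channels)
        return 0;
    return (size_t)cfg->samples_per_frame * sizeof(int32_t) * cfg->channels;
}

int main(void)
{
    /* Constructed inputs: 4096 samples stereo, then 0xFFFFFFFF samples stereo. */
    const uint8_t ok[]  = { 0x00, 0x00, 0x10, 0x00, 2 };
    const uint8_t bad[] = { 0xFF, 0xFF, 0xFF, 0xFF, 2 };
    struct frame_cfg cfg;
    if (parse_frame_cfg(ok, sizeof ok, &cfg) == 0)
        printf("accepted: %zu bytes\n", frame_buffer_bytes(&cfg));
    printf("oversized header: %d\n", parse_frame_cfg(bad, sizeof bad, &cfg));
}
```

Without the cap, the second constructed header would ask for roughly 32 GiB of sample buffers (0xFFFFFFFF samples, 4 bytes each, two channels).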

