[FFmpeg-devel] qt-faststart bug near 4GB

Eran Kornblau eran.kornblau at kaltura.com
Wed Jun 13 11:54:20 EEST 2018


> 
> -----Original Message-----
> From: ffmpeg-devel [mailto:ffmpeg-devel-bounces at ffmpeg.org] On Behalf Of Michael Niedermayer
> Sent: Wednesday, June 13, 2018 1:41 AM
> To: FFmpeg development discussions and patches <ffmpeg-devel at ffmpeg.org>
> Subject: Re: [FFmpeg-devel] qt-faststart bug near 4GB
> 
> 
> This is not mandatory, but trying with some basic fuzzer seems like a good idea. Look at the examples in the manpage of zzuf, for example; it's very easy to use.
> 
Ok, zzuf is indeed easy to use :)

One issue that it surfaced is the lack of validation on the ftyp atom size
(unrelated to this patch): at some iteration it changed the ftyp size to a
large number; faststart managed to allocate it, but zzuf did not. I don't
think this is a real issue (if the code did malloc(size+1), read(size), then
it could have been...)

Anyway, I used the attached patch to work around it. I didn't find any 
official limit to the size of this atom, so I randomly chose 1MB, which is
several orders of magnitude larger than any ftyp I've seen...

Btw, the exact same issue exists for moov. I can submit a patch for that too,
although there it will be harder to find a good limit. We're using 256MB
as the limit for moov size in our JIT packager.

These are the commands that I used for the test -

# ffmpeg -f lavfi -i anullsrc=sample_rate=48000 -t 0.1 faststart-zzuf.mp4

# zzuf -s 0:1000000 tools/qt-faststart faststart-zzuf.mp4 faststart-output.mp4 > zzuf-output.txt 2> zzuf-error.txt

# sort -u zzuf-error.txt
faststart-zzuf.mp4: Invalid argument
faststart-zzuf.mp4: Success

# sort -u zzuf-output.txt | awk 'NF<1 || $(NF-1) !~ /[0-9]+/ || $NF !~ /[0-9]+/' | grep -av 'too big$' | grep -av 'too small$'
 copying rest of file...
encountered non-QT top-level atom (is this a QuickTime file?)
last atom in file was not a moov atom
not enough room for 64 bit atom size
 patching stco atom...
 writing ftyp atom...
 writing moov atom...

Thanks!

Eran

> [...]
> 
> -- 
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
> 
> The greatest way to live with honor in this world is to be what we pretend to be. -- Socrates
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-qt-faststart-add-validation-on-ftyp-atom-size.patch
Type: application/octet-stream
Size: 1135 bytes
Desc: 0001-qt-faststart-add-validation-on-ftyp-atom-size.patch
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20180613/6d86645e/attachment.obj>
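The atom-size validation discussed in this message, as an added example in C. This is not qt-faststart's own code and not the attached patch: it is a bounds-checked parser for top-level QuickTime/MP4 atom headers that works on an in-memory buffer rather than a FILE*, handles the 32-bit, 64-bit (size == 1) and to-end-of-file (size == 0) forms, and rejects an ftyp larger than 1 MB or a moov larger than 256 MB (the caps mentioned above) before any allocation could happen. The function names, the atom_status enum, the buffer interface and the 48-byte sample file are this example's own constructions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not qt-faststart's code. Caps are the values from the mail. */
#define MAX_FTYP_ATOM_SIZE (1ULL << 20)    /* 1 MiB: generous for any real ftyp */
#define MAX_MOOV_ATOM_SIZE (256ULL << 20)  /* 256 MiB: the moov cap the mail mentions */

#define FTYP_ATOM 0x66747970u  /* 'ftyp' */
#define MOOV_ATOM 0x6d6f6f76u  /* 'moov' */

enum atom_status {
    ATOM_OK = 0,
    ATOM_TRUNCATED_HEADER,  /* fewer than 8 bytes left for size + type */
    ATOM_TRUNCATED_EXT,     /* size == 1 but no room for the 64-bit size field */
    ATOM_TOO_SMALL,         /* declared size smaller than its own header */
    ATOM_TOO_BIG,           /* declared size above the per-type cap */
    ATOM_EXCEEDS_FILE       /* declared size runs past the end of the input */
};

struct atom_hdr {
    uint32_t type;        /* four-character code as a big-endian uint32 */
    uint64_t size;        /* total atom size, header included */
    size_t   header_len;  /* 8 for a 32-bit size, 16 for a 64-bit size */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static uint64_t be64(const uint8_t *p)
{
    return ((uint64_t)be32(p) << 32) | be32(p + 4);
}

/* Parse one atom header at 'offset' and validate the declared size.
 * Every check runs on the declared size alone, so a hostile size never reaches
 * malloc(); a caller must then use this same validated size for both the
 * allocation and the read (no malloc(size+1) paired with read(size)). */
enum atom_status parse_atom(const uint8_t *buf, size_t buf_len, size_t offset,
                            struct atom_hdr *out)
{
    if (offset > buf_len || buf_len - offset < 8)
        return ATOM_TRUNCATED_HEADER;

    uint32_t size32 = be32(buf + offset);
    uint32_t type   = be32(buf + offset + 4);
    uint64_t size   = size32;
    size_t   hlen   = 8;

    if (size32 == 1) {                 /* 64-bit extended size follows the type */
        if (buf_len - offset < 16)
            return ATOM_TRUNCATED_EXT; /* "not enough room for 64 bit atom size" */
        size = be64(buf + offset + 8);
        hlen = 16;
    } else if (size32 == 0) {          /* atom extends to end of file */
        size = buf_len - offset;
    }

    if (size < hlen)
        return ATOM_TOO_SMALL;
    if (type == FTYP_ATOM && size > MAX_FTYP_ATOM_SIZE)
        return ATOM_TOO_BIG;
    if (type == MOOV_ATOM && size > MAX_MOOV_ATOM_SIZE)
        return ATOM_TOO_BIG;
    if (size > buf_len - offset)
        return ATOM_EXCEEDS_FILE;

    out->type = type;
    out->size = size;
    out->header_len = hlen;
    return ATOM_OK;
}

/* Walk every top-level atom; report the type of the last one (qt-faststart
 * requires it to be moov) and the first validation failure, if any. */
enum atom_status walk_top_level(const uint8_t *buf, size_t buf_len, uint32_t *last_type)
{
    size_t offset = 0;
    struct atom_hdr h;
    *last_type = 0;
    while (offset < buf_len) {
        enum atom_status st = parse_atom(buf, buf_len, offset, &h);
        if (st != ATOM_OK)
            return st;
        *last_type = h.type;
        offset += (size_t)h.size;  /* safe: size <= buf_len - offset was checked */
    }
    return ATOM_OK;
}

/* Constructed sample: a 24-byte ftyp, an 8-byte free atom and a 16-byte moov. */
const uint8_t sample_mp4[48] = {
    0,0,0,24, 'f','t','y','p', 'i','s','o','m', 0,0,2,0, 'i','s','o','m', 'm','p','4','1',
    0,0,0,8,  'f','r','e','e',
    0,0,0,16, 'm','o','o','v', 0,0,0,0, 0,0,0,0
};

int main(void)
{
    uint32_t last;
    enum atom_status st = walk_top_level(sample_mp4, sizeof sample_mp4, &last);
    printf("status=%d last_atom_is_moov=%d\n", st, last == MOOV_ATOM);
    return st == ATOM_OK ? 0 : 1;
}
```

Feeding parse_atom a header whose size field zzuf has flipped to 0x7fffffff yields ATOM_TOO_BIG straight away, which is the behaviour the attached patch aims for: the decision is made on the declared size, not on whether malloc() happens to succeed.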

