[FFmpeg-devel] [PATCH 17/36] avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input

Michael Niedermayer michael at niedermayer.cc
Sat May 30 21:21:53 EEST 2020


On Sat, May 30, 2020 at 06:05:22PM +0200, Andreas Rheinhardt wrote:
> The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit
> is so big that it extends beyond the end of the input packet; it does so
> only implicitly by using the checked version of the bytestream2 API.
> But this has downsides compared to real checks: It can lead to huge
> allocations (up to 2GiB) even when the input packet is just a few bytes.
> And furthermore it leads to uninitialized data being output.
> So add a check to error out early if it happens.
> 
> Also check directly whether there is enough data for the length field.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> ---
>  libavcodec/hevc_mp4toannexb_bsf.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)

probably ok

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

"Nothing to hide" only works if the folks in power share the values of
you and everyone you know entirely and always will -- Tom Scott

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200530/b18af743/attachment.sig>


More information about the ffmpeg-devel mailing list