[FFmpeg-devel] [PATCH 5/7] avformat/wavdec: Avoid zeroing written to array
Michael Niedermayer
michael at niedermayer.cc
Mon Nov 16 23:28:48 EET 2020
On Mon, Nov 16, 2020 at 07:07:21AM +0100, Anton Khirnov wrote:
> Quoting Michael Niedermayer (2020-11-16 01:05:07)
> > On Sat, Nov 14, 2020 at 11:12:15AM +0100, Anton Khirnov wrote:
> > > Quoting Michael Niedermayer (2020-11-10 00:04:54)
> > > > Fixes: OOM
> > > > Fixes: 26934/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5996784213819392
> > > >
> > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > > > ---
> > > > libavformat/wavdec.c | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c
> > > > index a81f2c7a67..6e5f4ccc12 100644
> > > > --- a/libavformat/wavdec.c
> > > > +++ b/libavformat/wavdec.c
> > > > @@ -920,7 +920,7 @@ static int w64_read_header(AVFormatContext *s)
> > > > if (chunk_size == UINT32_MAX || (filesize >= 0 && chunk_size > filesize))
> > > > return AVERROR_INVALIDDATA;
> > > >
> > > > - value = av_mallocz(chunk_size + 1);
> > > > + value = av_malloc(chunk_size + 1);
> > >
> > > This looks highly suspicious as a fix for anything other than
> > > performance.
> >
> > if iam not mistaken:
> > The allocation doesnzt trigger OOM as no physical memory is allocated
> > but once it is written to "z" it does and then OOMs
> > if OTOH its written too while data is read from somewhere then a
> > EOF ends writing and no OOM would happen
>
> That is highly dependent on your OS and its configuration (e.g. you can
> disable overcommit on Linux).
yes thats correct
If the OS supports this then a OOM can be avoided, otherwise it will OOM
Avoiding the OOM in the remaining cases seems too messy to me. OTOH
this here is a rather simple change ...
>
> Also, there seems to be a check right above that fails if chunk_size is
> larger than the file size.
The file size is not always known
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
He who knows, does not speak. He who speaks, does not know. -- Lao Tsu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20201116/ebc0ef37/attachment.sig>
More information about the ffmpeg-devel
mailing list