[FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.
Derek Buitenhuis
derek.buitenhuis at gmail.com
Wed Nov 1 16:46:56 EET 2017
On 11/1/2017 2:25 PM, Carl Eugen Hoyos wrote:
> It appears to me that the alac decoder can be used for DoS, the attached patch
> limits the maximum frame size to eight times the default value.
> (Higher values break our encoder here.)
Since the official ALAC encoder/decoder are open source nowadays, I took a look
at its source, and it doesn't seem to set any such limit in the encoder or decoder.
So, isn't it possible this arbitrary hardcoded limit breaks valid files?
- Derek