[FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.
Carl Eugen Hoyos
ceffmpeg at gmail.com
Wed Nov 1 18:03:26 EET 2017
2017-11-01 17:01 GMT+01:00 Paul B Mahol <onemda at gmail.com>:
> On 11/1/17, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
>> 2017-11-01 15:40 GMT+01:00 Paul B Mahol <onemda at gmail.com>:
>>> On 11/1/17, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
>>>> Hi!
>>>>
>>>> It appears to me that the alac decoder can be used for DoS,
>>>> the attached patch limits the maximum frame size to eight
>>>> times the default value.
>>>> (Higher values brake our encoder here.)
>>>>
>>>> Please comment and / or suggest another value, Carl Eugen
>>>>
>>>
>>> So alac encoder can not handle bigger frames or what?
>>>
>>> Look at other alac encoders, what are their limit on frame size?
>>
>> I am not sure if it is enough to look on Apple's encoder, after
>> all, their decoder looks exploitable (or maybe I miss something).
>>
>>> The limit you set is too low IMHO.
>>
>> Could you suggest a limit that's below the several-GB area?
>
> I remmeber some lossless audio codecs can have very big
> frames, several MB.
So what about 4096 * 4096 as an arbitrary limit?
Carl Eugen
More information about the ffmpeg-devel
mailing list