[FFmpeg-devel] AVDictionary for binary tags

Dmitry Kostjuchenko dmitrykos at iauxsoft.com
Sat Jan 21 19:54:37 CET 2012


If you mean line 'void *bdata = av_malloc(atom.size);' inside mov.c then it 
is limited for 'cover_jpeg' key only and cover art image is always JPEG and 
won't exceed couple of megabytes, so truncation is ok here to me.

----- Original Message ----- 
From: "Reimar Döffinger" <Reimar.Doeffinger at gmx.de>
To: "FFmpeg development discussions and patches" <ffmpeg-devel at ffmpeg.org>
Sent: Saturday, January 21, 2012 11:09 AM
Subject: Re: [FFmpeg-devel] AVDictionary for binary tags


On Sat, Jan 21, 2012 at 09:55:42AM +0100, Reimar Döffinger wrote:
> What if someone tries to add 6GB large binary data? Or exactly 4 GB?
> No, this would not work "well" at all with base64-encoded data, but
> at least those issues aren't almost certain to cause a crash or similar.

Not so sure about that last part (that base64 has an advantage there)
anymore, but anyway after checking again I think your patch has a
potentially exploitable issue on systems where size_t is 32 bits due
to the av_malloc argument being truncated.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel at ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel



More information about the ffmpeg-devel mailing list