[FFmpeg-devel] [RFC/PATCH]Avoid huge allocations from asf demuxer

Michael Niedermayer michaelni at gmx.at
Sat Mar 2 18:30:41 CET 2013


On Sat, Mar 02, 2013 at 05:36:15PM +0100, Carl Eugen Hoyos wrote:
> Hi!
> 
> Using the command line from ticket #1888, asf_read_frame_header() first fills 
> asf->packet_obj_size with 0xda327c93, this value is later passed to 
> av_new_packet() but av_malloc() refuses to alloc anything.
> Next value for asf->packet_obj_size is 0x7ef0fec0, av_malloc allocates 
> 2129723088 bytes.
> Attached patch avoids this and fixes ticket #1888, I don't know enough about 
> the asf demuxer to judge if this is an acceptable solution.
> 
> Please comment, Carl Eugen

>  asfdec.c |    1 +
>  1 file changed, 1 insertion(+)
> 821839d9e2e01c68a5f4eb86af44cdd7558620aa  patchasfpacket.diff
> diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
> index 233b6ca..38f46a6 100644
> --- a/libavformat/asfdec.c
> +++ b/libavformat/asfdec.c
> @@ -1011,6 +1011,7 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb)
>          asf->packet_obj_size = avio_rl32(pb);
>          if (asf->packet_obj_size >= (1 << 24) || asf->packet_obj_size <= 0) {
>              av_log(s, AV_LOG_ERROR, "packet_obj_size invalid\n");
> +            asf->packet_obj_size = 0;
>              return AVERROR_INVALIDDATA;
>          }

LGTM

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Rewriting code that is poorly written but fully understood is good.
Rewriting code that one doesnt understand is a sign that one is less smart
then the original author, trying to rewrite it will not make it better.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20130302/2fbb9d9f/attachment.asc>


More information about the ffmpeg-devel mailing list