[FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

Carl Eugen Hoyos ceffmpeg at gmail.com
Wed Nov 1 16:25:44 EET 2017


It appears to me that the alac decoder can be used for DoS, the attached patch
limits the maximum frame size to eight times the default value.
(Higher values brake our encoder here.)

Please comment and / or suggest another value, Carl Eugen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-lavc-alac-Avoid-allocating-huge-memory-blocks-for-ma.patch
Type: text/x-patch
Size: 909 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20171101/0d0134e7/attachment.bin>

More information about the ffmpeg-devel mailing list