[FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

Paul B Mahol onemda at gmail.com
Sat Nov 4 11:23:30 EET 2017


On 11/4/17, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
> 2017-11-01 17:03 GMT+01:00 Carl Eugen Hoyos <ceffmpeg at gmail.com>:
>> 2017-11-01 17:01 GMT+01:00 Paul B Mahol <onemda at gmail.com>:
>>> On 11/1/17, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
>>>> 2017-11-01 15:40 GMT+01:00 Paul B Mahol <onemda at gmail.com>:
>>>>> On 11/1/17, Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
>>>>>> Hi!
>>>>>>
>>>>>> It appears to me that the alac decoder can be used for DoS,
>>>>>> the attached patch limits the maximum frame size to eight
>>>>>> times the default value.
>>>>>> (Higher values break our encoder here.)
>>>>>>
>>>>>> Please comment and / or suggest another value, Carl Eugen
>>>>>>
>>>>>
>>>>> So alac encoder can not handle bigger frames or what?
>>>>>
>>>>> Look at other alac encoders, what are their limits on frame size?
>>>>
>>>> I am not sure if it is enough to look at Apple's encoder, after
>>>> all, their decoder looks exploitable (or maybe I miss something).
>>>>
>>>>> The limit you set is too low IMHO.
>>>>
>>>> Could you suggest a limit that's below the several-GB area?
>>>
>>> I remember some lossless audio codecs can have very big
>>> frames, several MB.
>>
>> So what about 4096 * 4096 as an arbitrary limit?
>
> Any opinion?

ok

