[FFmpeg-devel] [mov] Fix trampling of ctts during seeks when sidx support is enabled.
Carl Eugen Hoyos
ceffmpeg at gmail.com
Thu Nov 23 03:26:54 EET 2017
2017-11-23 1:30 GMT+01:00 John Stebbins <stebbins at jetheaddev.com>:
> On 11/22/2017 02:36 PM, Carl Eugen Hoyos wrote:
>> 2017-08-24 0:39 GMT+02:00 Dale Curtis <dalecurtis at chromium.org>:
>>> - sc->ctts_data[ctts_count].count = count;
>>> - sc->ctts_data[ctts_count].duration = duration;
>>> - ctts_count++;
>>> + /* Expand entries such that we have a 1-1 mapping with samples. */
>>> + for (j = 0; j < count; j++)
>>> + add_ctts_entry(&sc->ctts_data, &ctts_count, &sc->ctts_allocated_size, 1, duration);
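Review bot: the new `for (j = 0; j < count; j++)` loop calls add_ctts_entry once per sample of a run, but `count` is taken straight from the file and nothing in the hunk bounds it first, so a single entry with a large count grows sc->ctts_data by up to 2^32 entries where the removed lines stored one (count, duration) pair. Suggest checking count against the number of samples the demuxer already knows for the stream (from stsz) before the loop and failing with an invalid-data error when it exceeds that, so a hostile count is rejected before any allocation.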
>> count is a 32-bit value read from the file, so this hunk makes
>> the demuxer allocate a huge amount of memory for some
>> Is there an upper limit for count?
> In practice, if a valid mp4 blows up due to this ctts allocation,
> it's also going to blow up when AVIndexEntries is allocated
> for the samples.
> An invalid mp4 can do anything of course.
This is about invalid files allocating >1GB.
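Bounding the file-supplied count before the 1-1 expansion, as an added example in C that is not FFmpeg's code: the types and function names (CttsEntry, CttsTable, ctts_*) are assumed for the example, the inputs are constructed, and the remaining_samples argument stands in for whatever sample count the demuxer already trusts from stsz.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not FFmpeg code. Illustrates the fix the thread discusses:
 * expanding ctts runs to one entry per sample while bounding the
 * file-supplied count before any allocation happens. All names here
 * (CttsEntry, CttsTable, ctts_*) are assumed for the example. */

typedef struct {
    unsigned int count;
    int          duration;
} CttsEntry;

typedef struct {
    CttsEntry *data;
    size_t     len;        /* entries in use */
    size_t     allocated;  /* entries allocated */
} CttsTable;

/* Append one entry, growing the table geometrically. Returns 0, or -1 on OOM. */
static int ctts_push(CttsTable *t, unsigned int count, int duration)
{
    if (t->len == t->allocated) {
        size_t new_alloc = t->allocated ? t->allocated * 2 : 64;
        CttsEntry *p = realloc(t->data, new_alloc * sizeof *p);
        if (!p)
            return -1;
        t->data      = p;
        t->allocated = new_alloc;
    }
    t->data[t->len].count    = count;
    t->data[t->len].duration = duration;
    t->len++;
    return 0;
}

/* Expand each (count, duration) run 1-1 with samples. remaining_samples is a
 * bound the caller already trusts (in a demuxer: the sample count from stsz);
 * a count that exceeds it is rejected before the loop touches the heap.
 * Returns 0 on success, -1 on inconsistent input or OOM. */
int ctts_expand_bounded(CttsTable *t, const uint32_t *counts,
                        const int32_t *durations, size_t entries,
                        uint64_t remaining_samples)
{
    for (size_t i = 0; i < entries; i++) {
        uint32_t count = counts[i];
        if (count > remaining_samples)      /* hostile or inconsistent count */
            return -1;
        for (uint32_t j = 0; j < count; j++)
            if (ctts_push(t, 1, durations[i]) < 0)
                return -1;
        remaining_samples -= count;
    }
    return 0;
}

void ctts_free(CttsTable *t)
{
    free(t->data);
    t->data = NULL;
    t->len = t->allocated = 0;
}

/* Constructed input: a well-formed table whose runs sum to the sample count.
 * Returns the expanded length (one entry per sample). */
size_t ctts_demo_valid(void)
{
    const uint32_t counts[]    = { 2, 3 };
    const int32_t  durations[] = { 10, -5 };
    CttsTable t = { 0 };
    size_t len = 0;
    if (ctts_expand_bounded(&t, counts, durations, 2, 5) == 0)
        len = t.len;
    ctts_free(&t);
    return len;
}

/* Constructed input: one run claiming 2^32-1 samples in a 5-sample stream.
 * Returns the expand result (-1); the bound check fires before any push. */
int ctts_demo_hostile(void)
{
    const uint32_t counts[]    = { 0xFFFFFFFFu };
    const int32_t  durations[] = { 1 };
    CttsTable t = { 0 };
    int rc = ctts_expand_bounded(&t, counts, durations, 1, 5);
    ctts_free(&t);
    return rc;
}

int main(void)
{
    printf("valid: %zu entries, hostile: rc=%d\n",
           ctts_demo_valid(), ctts_demo_hostile());
    return 0;
}
```

A valid file still ends up with one entry per sample, which is the cost the thread accepts (the per-sample index is allocated anyway); what the bound buys is that an invalid file can no longer make a single 32-bit count drive the allocation past what the stream's own sample count justifies.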