[FFmpeg-devel] [PATCH] Fix quadratic memory use in ff_h2645_extract_rbsp() when multiple NALUs exist in packet.
Michael Niedermayer
michael at niedermayer.cc
Tue Oct 31 04:25:41 EET 2017
On Thu, Oct 19, 2017 at 11:46:47AM -0700, Nikolas Bowe wrote:
> Found via fuzzing.
> /tmp/poc is a 1 MB mpegts file generated via fuzzing, where 1 packet has many NALUs
> Before this change:
> $ /usr/bin/time -f "\t%M Max Resident Set Size (Kb)" ./ffprobe /tmp/poc 2>&1 | tail -n 1
> 2158192 Max Resident Set Size (Kb)
> After this change:
> $ /usr/bin/time -f "\t%M Max Resident Set Size (Kb)" ./ffprobe /tmp/poc 2>&1 | tail -n 1
> 1046812 Max Resident Set Size (Kb)
> ---
> libavcodec/h2645_parse.c | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
This patch also fixes 2145/clusterfuzz-testcase-minimized-5866217724182528;
that should be added to the commit message.
(though as said, this fix is not ideal or complete, I would very much
prefer if this would be fixed by using a single buffer or any other
solution that avoids the speed loss.)
Also please tell me in case you choose not to work on this further.
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Answering whenever a program halts or runs forever is
On a Turing machine, in general impossible (Turing's halting problem).
On any real computer, always possible as a real computer has a finite number
of states N, and will either halt in less than N cycles or never halt.
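The thread above contrasts per-NALU buffers that grow quadratically with the single-buffer approach Michael asks for, but the patch body is not quoted here. The following is an added illustration, not FFmpeg's code and not from either poster: it splits a constructed Annex-B sample (three NAL units, one containing an emulation-prevention byte) into NAL units, strips the emulation-prevention bytes into one shared buffer with per-NAL offsets, and compares that single allocation against a simplified model of the quadratic pattern in which each NAL gets a buffer sized to the rest of the packet. That model, the sample bytes, and every function name (`split_nals`, `unescape`, `per_nal_alloc_bytes`, `extract_rbsp_shared`) are assumptions for this example; the real allocation logic of ff_h2645_extract_rbsp() is not shown in this message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample (not real fuzzer output): an Annex-B byte stream with
 * three NAL units behind 00 00 01 start codes.  The second NAL carries an
 * emulation-prevention byte (00 00 03 01) that must be dropped to get RBSP. */
static const uint8_t SAMPLE[] = {
    0x00, 0x00, 0x01, 0x67, 0x42, 0x00, 0x1e,
    0x00, 0x00, 0x01, 0x68, 0x00, 0x00, 0x03, 0x01, 0x22,
    0x00, 0x00, 0x01, 0x65, 0x88, 0x84,
};
#define SAMPLE_LEN (sizeof SAMPLE)
#define MAX_NALS 64

typedef struct { size_t offset, size; } NalSpan; /* byte range inside a buffer */

/* Locate NAL units by scanning for 00 00 01; each span is the escaped payload
 * after the start code.  Trailing zero bytes (from 4-byte start codes) are
 * trimmed since a NAL unit never ends in 0x00.  Returns the NAL count. */
static int split_nals(const uint8_t *buf, size_t len, NalSpan *out, int max)
{
    int n = 0;
    size_t i = 0, start = (size_t)-1;
    while (i + 2 < len) {
        if (buf[i] == 0 && buf[i + 1] == 0 && buf[i + 2] == 1) {
            if (start != (size_t)-1 && n < max) {
                size_t end = i;
                while (end > start && buf[end - 1] == 0) end--;
                out[n].offset = start; out[n].size = end - start; n++;
            }
            i += 3; start = i;
        } else {
            i++;
        }
    }
    if (start != (size_t)-1 && n < max) {
        out[n].offset = start; out[n].size = len - start; n++;
    }
    return n;
}

/* Copy one NAL into dst, removing emulation-prevention bytes (00 00 03 -> 00 00).
 * Output is never longer than input, so a dst of src length always fits. */
static size_t unescape(const uint8_t *src, size_t len, uint8_t *dst)
{
    size_t o = 0; int zeros = 0;
    for (size_t i = 0; i < len; i++) {
        if (zeros >= 2 && src[i] == 3) { zeros = 0; continue; }
        dst[o++] = src[i];
        zeros = (src[i] == 0) ? zeros + 1 : 0;
    }
    return o;
}

/* Model of the quadratic pattern (an assumption, not FFmpeg's actual code):
 * each NAL gets its own buffer sized to the remainder of the packet, so the
 * sum grows with nals * packet_len.  Returns total bytes such a scheme allocates. */
static size_t per_nal_alloc_bytes(const uint8_t *buf, size_t len)
{
    NalSpan nals[MAX_NALS];
    int n = split_nals(buf, len, nals, MAX_NALS);
    size_t total = 0;
    for (int i = 0; i < n; i++) total += len - nals[i].offset;
    return total;
}

/* Single-buffer alternative: one allocation of packet length holds every NAL's
 * RBSP back to back; `spans` receives each NAL's range inside *out.  Returns the
 * NAL count (or -1 on allocation failure); *alloc_bytes reports the one
 * allocation made.  The caller frees *out. */
static int extract_rbsp_shared(const uint8_t *buf, size_t len, uint8_t **out,
                               NalSpan *spans, int max, size_t *alloc_bytes)
{
    NalSpan nals[MAX_NALS];
    int n = split_nals(buf, len, nals, max < MAX_NALS ? max : MAX_NALS);
    uint8_t *shared = malloc(len ? len : 1);
    if (!shared) return -1;
    size_t off = 0;
    for (int i = 0; i < n; i++) {
        spans[i].offset = off;
        spans[i].size = unescape(buf + nals[i].offset, nals[i].size, shared + off);
        off += spans[i].size;
    }
    *out = shared; *alloc_bytes = len;
    return n;
}

int main(void)
{
    uint8_t *rbsp; NalSpan spans[MAX_NALS]; size_t alloc;
    int n = extract_rbsp_shared(SAMPLE, SAMPLE_LEN, &rbsp, spans, MAX_NALS, &alloc);
    if (n < 0) return 1;
    printf("%d NALs: per-NAL scheme %zu bytes, shared buffer %zu bytes\n",
           n, per_nal_alloc_bytes(SAMPLE, SAMPLE_LEN), alloc);
    free(rbsp);
    return 0;
}
```

With the 22-byte sample the per-NAL model allocates 34 bytes against 22 for the shared buffer; on a packet holding thousands of NAL units the first figure grows with the product of NAL count and packet size, which is the behaviour the ffprobe RSS numbers above reflect, while the shared buffer stays bounded by the packet length because RBSP is never longer than the escaped payload.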