[FFmpeg-devel] [PATCH] Fix quadratic memory use in ff_h2645_extract_rbsp() when multiple NALUs exist in packet.
Kieran Kunhya
kierank at obe.tv
Tue Oct 31 11:24:12 EET 2017
On Tue, 31 Oct 2017 at 02:26 Michael Niedermayer <michael at niedermayer.cc>
wrote:
> On Thu, Oct 19, 2017 at 11:46:47AM -0700, Nikolas Bowe wrote:
> > Found via fuzzing.
> > /tmp/poc is a 1 MB mpegts file generated via fuzzing, where 1 packet has
> many NALUs
> > Before this change:
> > $ /usr/bin/time -f "\t%M Max Resident Set Size (Kb)" ./ffprobe
> /tmp/poc 2>&1 | tail -n 1
> > 2158192 Max Resident Set Size (Kb)
> > After this change:
> > $ /usr/bin/time -f "\t%M Max Resident Set Size (Kb)" ./ffprobe
> /tmp/poc 2>&1 | tail -n 1
> > 1046812 Max Resident Set Size (Kb)
> > ---
> > libavcodec/h2645_parse.c | 13 +++++++++++--
> > 1 file changed, 11 insertions(+), 2 deletions(-)
>
> This patch also fixes 2145/clusterfuzz-testcase-minimized-5866217724182528
> that should be added to the commit message
>
> (though as said, this fix is not ideal or complete, I would very much
> prefer if this would be fixed by using a single buffer or any other
> solution that avoids the speedloss.)
>
> Also please tell me in case you choose not to work on this further.
>
> thx
>
> [...]
>
Hi,
I left the sample in https://trac.ffmpeg.org/ticket/6789 running overnight,
it still leaks with this patch, just much slower.
So there is still a related (but separate?) bug here.
Kieran
More information about the ffmpeg-devel
mailing list