[FFmpeg-devel] [PATCH 2/3] avcodec/lagarith: Optimize case with singleton probability distribution

Kieran Kunhya kieran618 at googlemail.com
Tue Dec 25 01:54:31 EET 2018


>
> commit 0ca7a8deeffd33e05ae15a447259b32b6678c727 (HEAD -> master)
> Author: Michael Niedermayer <michael at niedermayer.cc>
> Date:   Mon Dec 24 01:14:50 2018 +0100
>
>     avcodec/lagarith: Optimize case with singleton probability distribution
>
>     Fixes: Timeout
>     Fixes: 10554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-5739938067251200
>
>     In case of a Denial of Service attack, the attacker wants to maximize the load on the target
>     per byte transmitted from the attacker.
>     For such a DoS attack it is best for the attacker to set up the probabilities so that the
>     arithmetic decoder does not advance in the bytestream; that way the attacker only needs to
>     transmit the initial bytes and header for an arbitrarily large frame.
>     This patch here optimizes this codepath and avoids executing the arithmetic decoder more than
>     once. It thus reduces the load caused by this codepath on the target.
>     We also could completely disallow this codepath but it appears such odd probability
>     distributions are not invalid.
>
>     Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>     Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
>

This is a nonsense argument; a user could send a frame that was
99999999x99999999 in dimensions, which would have the same effect.
The calling application should manage timeouts itself in a sandbox or
container or similar.

Merry Xmas.

Kieran
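
The effect the quoted commit message describes, as an added example that is not part of this e-mail or of FFmpeg's code: a toy range decoder (not Lagarith's actual coder) in which a singleton distribution yields output without consuming input, next to a fill fast path that skips the per-symbol decoder calls. `ToyRac`, `rac_get`, `decode_plane`, `decode_plane_fast` and the 256-total frequency table are assumptions made for the illustration, and the input bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TOTAL 256u   /* assumption: symbol frequencies sum to 2^8 */
typedef struct { const uint8_t *buf; size_t len, pos; uint32_t code, range; } ToyRac;
static uint8_t next_byte(ToyRac *d) { return d->pos < d->len ? d->buf[d->pos++] : 0; }

static void rac_init(ToyRac *d, const uint8_t *buf, size_t len) {
    d->buf = buf; d->len = len; d->pos = 0; d->code = 0; d->range = 0xFFFFFFFFu;
    for (int i = 0; i < 4; i++) d->code = (d->code << 8) | next_byte(d);
}

/* Decode one symbol. Input is read only when the range drops below 2^24. */
static int rac_get(ToyRac *d, const uint32_t freq[256]) {
    uint32_t r = d->range >> 8, target = d->code / r, cum = 0;
    int s = 0;
    if (target >= TOTAL) target = TOTAL - 1;
    while (s < 255 && cum + freq[s] <= target) cum += freq[s++];
    d->code -= cum * r;
    d->range = r * freq[s];   /* freq[s] == TOTAL leaves the range wide open */
    while (d->range < (1u << 24)) { d->code = (d->code << 8) | next_byte(d); d->range <<= 8; }
    return s;
}

/* Slow path: one decoder call per output byte. Returns input bytes consumed. */
size_t decode_plane(const uint8_t *in, size_t len, const uint32_t freq[256],
                    uint8_t *out, size_t n, size_t *calls) {
    ToyRac d; rac_init(&d, in, len);
    for (size_t i = 0; i < n; i++) { out[i] = (uint8_t)rac_get(&d, freq); ++*calls; }
    return d.pos;
}

/* Fast path: a symbol holding all the probability mass is the only possible
 * output, so fill the plane and skip the per-symbol decode. Returns 1 if taken. */
int decode_plane_fast(const uint8_t *in, size_t len, const uint32_t freq[256],
                      uint8_t *out, size_t n, size_t *calls) {
    for (int s = 0; s < 256; s++)
        if (freq[s] == TOTAL) { memset(out, s, n); return 1; }
    decode_plane(in, len, freq, out, n, calls);
    return 0;
}

int main(void) {   /* constructed input: 4 bytes, all mass on symbol 65 */
    static uint8_t out[1 << 20];
    const uint8_t in[4] = {0x12, 0x34, 0x56, 0x78};
    uint32_t freq[256] = {0}; size_t calls = 0; freq[65] = TOTAL;
    return decode_plane(in, sizeof in, freq, out, sizeof out, &calls) == 4 ? 0 : 1;
}
```

In the slow path the work grows with the output size while the input stays at the four initialisation bytes; the fast path bounds the decoder work but not the size of the fill, which is the part the reply above argues the caller has to limit.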

