Hi!
It appears to me that the alac decoder can be used for DoS, the attached patch
limits the maximum frame size to eight times the default value.
(Higher values brake our encoder here.)
Please comment and / or suggest another value, Carl Eugen
From c2181c7ee83fcf93ba817cf6f9c3c9e1043a233c Mon Sep 17 00:00:00 2001
From: Carl Eugen Hoyos <ceffm...@gmail.com>
Date: Wed, 1 Nov 2017 15:14:22 +0100
Subject: [PATCH] lavc/alac: Avoid allocating huge memory blocks for malicious
alac input.
---
libavcodec/alac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/alac.c b/libavcodec/alac.c
index d6bd21b..66bee7f 100644
--- a/libavcodec/alac.c
+++ b/libavcodec/alac.c
@@ -524,7 +524,7 @@ static int alac_set_info(ALACContext *alac)
alac->max_samples_per_frame = bytestream2_get_be32u(&gb);
if (!alac->max_samples_per_frame ||
- alac->max_samples_per_frame > INT_MAX / sizeof(int32_t)) {
+ alac->max_samples_per_frame > 4096 * 16) {
av_log(alac->avctx, AV_LOG_ERROR,
"max samples per frame invalid: %"PRIu32"\n",
alac->max_samples_per_frame);
--
1.7.10.4
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
