On 11/1/17, Carl Eugen Hoyos <ceffm...@gmail.com> wrote: > 2017-11-01 15:40 GMT+01:00 Paul B Mahol <one...@gmail.com>: >> On 11/1/17, Carl Eugen Hoyos <ceffm...@gmail.com> wrote: >>> Hi! >>> >>> It appears to me that the alac decoder can be used for DoS, >>> the attached patch limits the maximum frame size to eight >>> times the default value. >>> (Higher values brake our encoder here.) >>> >>> Please comment and / or suggest another value, Carl Eugen >>> >> >> So alac encoder can not handle bigger frames or what? >> >> Look at other alac encoders, what are their limit on frame size? > > I am not sure if it is enough to look on Apple's encoder, after > all, their decoder looks exploitable (or maybe I miss something). > >> The limit you set is too low IMHO. > > Could you suggest a limit that's below the several-GB area?
I remmeber some lossless audio codecs can have very big frames, several MB. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
