2017-11-01 17:01 GMT+01:00 Paul B Mahol <one...@gmail.com>: > On 11/1/17, Carl Eugen Hoyos <ceffm...@gmail.com> wrote: >> 2017-11-01 15:40 GMT+01:00 Paul B Mahol <one...@gmail.com>: >>> On 11/1/17, Carl Eugen Hoyos <ceffm...@gmail.com> wrote: >>>> Hi! >>>> >>>> It appears to me that the alac decoder can be used for DoS, >>>> the attached patch limits the maximum frame size to eight >>>> times the default value. >>>> (Higher values brake our encoder here.) >>>> >>>> Please comment and / or suggest another value, Carl Eugen >>>> >>> >>> So alac encoder can not handle bigger frames or what? >>> >>> Look at other alac encoders, what are their limit on frame size? >> >> I am not sure if it is enough to look on Apple's encoder, after >> all, their decoder looks exploitable (or maybe I miss something). >> >>> The limit you set is too low IMHO. >> >> Could you suggest a limit that's below the several-GB area? > > I remmeber some lossless audio codecs can have very big > frames, several MB.
So what about 4096 * 4096 as an arbitrary limit? Carl Eugen _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
