On 11/4/17, Carl Eugen Hoyos <ceffm...@gmail.com> wrote: > 2017-11-01 17:03 GMT+01:00 Carl Eugen Hoyos <ceffm...@gmail.com>: >> 2017-11-01 17:01 GMT+01:00 Paul B Mahol <one...@gmail.com>: >>> On 11/1/17, Carl Eugen Hoyos <ceffm...@gmail.com> wrote: >>>> 2017-11-01 15:40 GMT+01:00 Paul B Mahol <one...@gmail.com>: >>>>> On 11/1/17, Carl Eugen Hoyos <ceffm...@gmail.com> wrote: >>>>>> Hi! >>>>>> >>>>>> It appears to me that the alac decoder can be used for DoS, >>>>>> the attached patch limits the maximum frame size to eight >>>>>> times the default value. >>>>>> (Higher values brake our encoder here.) >>>>>> >>>>>> Please comment and / or suggest another value, Carl Eugen >>>>>> >>>>> >>>>> So alac encoder can not handle bigger frames or what? >>>>> >>>>> Look at other alac encoders, what are their limit on frame size? >>>> >>>> I am not sure if it is enough to look on Apple's encoder, after >>>> all, their decoder looks exploitable (or maybe I miss something). >>>> >>>>> The limit you set is too low IMHO. >>>> >>>> Could you suggest a limit that's below the several-GB area? >>> >>> I remmeber some lossless audio codecs can have very big >>> frames, several MB. >> >> So what about 4096 * 4096 as an arbitrary limit? > > Any opinion?
ok _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel