Re: [FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

2017-11-04 Thread Carl Eugen Hoyos
2017-11-04 10:23 GMT+01:00 Paul B Mahol : > On 11/4/17, Carl Eugen Hoyos wrote: >> 2017-11-01 17:03 GMT+01:00 Carl Eugen Hoyos : >>> 2017-11-01 17:01 GMT+01:00 Paul B Mahol : On 11/1/17, Carl Eugen Hoyos

Re: [FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

2017-11-04 Thread Paul B Mahol
On 11/4/17, Carl Eugen Hoyos wrote: > 2017-11-01 17:03 GMT+01:00 Carl Eugen Hoyos : >> 2017-11-01 17:01 GMT+01:00 Paul B Mahol : >>> On 11/1/17, Carl Eugen Hoyos wrote: 2017-11-01 15:40 GMT+01:00 Paul B Mahol

Re: [FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

2017-11-03 Thread Carl Eugen Hoyos
2017-11-01 17:03 GMT+01:00 Carl Eugen Hoyos : > 2017-11-01 17:01 GMT+01:00 Paul B Mahol : >> On 11/1/17, Carl Eugen Hoyos wrote: >>> 2017-11-01 15:40 GMT+01:00 Paul B Mahol : On 11/1/17, Carl Eugen Hoyos

Re: [FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

2017-11-01 Thread Carl Eugen Hoyos
2017-11-01 17:01 GMT+01:00 Paul B Mahol : > On 11/1/17, Carl Eugen Hoyos wrote: >> 2017-11-01 15:40 GMT+01:00 Paul B Mahol : >>> On 11/1/17, Carl Eugen Hoyos wrote: Hi! It appears to me that the alac

Re: [FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

2017-11-01 Thread Paul B Mahol
On 11/1/17, Carl Eugen Hoyos wrote: > 2017-11-01 15:40 GMT+01:00 Paul B Mahol : >> On 11/1/17, Carl Eugen Hoyos wrote: >>> Hi! >>> >>> It appears to me that the alac decoder can be used for DoS, >>> the attached patch limits the maximum

Re: [FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

2017-11-01 Thread Carl Eugen Hoyos
2017-11-01 15:40 GMT+01:00 Paul B Mahol : > On 11/1/17, Carl Eugen Hoyos wrote: >> Hi! >> >> It appears to me that the alac decoder can be used for DoS, >> the attached patch limits the maximum frame size to eight >> times the default value. >> (Higher values

Re: [FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

2017-11-01 Thread Derek Buitenhuis
On 11/1/2017 2:25 PM, Carl Eugen Hoyos wrote: > It appears to me that the alac decoder can be used for DoS, the attached patch > limits the maximum frame size to eight times the default value. > (Higher values brake our encoder here.) Since the official ALAC encoder/decoder are open ource

Re: [FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

2017-11-01 Thread Paul B Mahol
On 11/1/17, Carl Eugen Hoyos wrote: > Hi! > > It appears to me that the alac decoder can be used for DoS, the attached > patch > limits the maximum frame size to eight times the default value. > (Higher values brake our encoder here.) > > Please comment and / or suggest

[FFmpeg-devel] [PATCH]lavc/alac: Avoid allocating huge memory blocks for malicious alac input.

2017-11-01 Thread Carl Eugen Hoyos
Hi! It appears to me that the alac decoder can be used for DoS, the attached patch limits the maximum frame size to eight times the default value. (Higher values brake our encoder here.) Please comment and / or suggest another value, Carl Eugen From c2181c7ee83fcf93ba817cf6f9c3c9e1043a233c Mon