[FFmpeg-devel] [mov] Fix trampling of ctts during seeks when sidx support is enabled.
John Stebbins
stebbins at jetheaddev.com
Thu Nov 23 02:30:33 EET 2017
On 11/22/2017 02:36 PM, Carl Eugen Hoyos wrote:
> 2017-08-24 0:39 GMT+02:00 Dale Curtis <dalecurtis at chromium.org>:
>
>> - sc->ctts_data[ctts_count].count = count;
>> - sc->ctts_data[ctts_count].duration = duration;
>> - ctts_count++;
>> + /* Expand entries such that we have a 1-1 mapping with samples. */
>> + for (j = 0; j < count; j++)
>> + add_ctts_entry(&sc->ctts_data, &ctts_count, &sc->ctts_allocated_size, 1, duration);
> count is a 32bit value read from the file, so this hunk makes
> the demuxer allocate huge amount of memories for some
> files.
>
> Is there an upper limit for count?
>
>
In practice, if a valid mp4 blows up due to this ctts allocation, it's also going to blow up when AVIndexEntries is
allocated for the samples. An invalid mp4 can do anything of course.
--
John GnuPG fingerprint: D0EC B3DB C372 D1F1 0B01 83F0 49F1 D7B2 60D4 D0F7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20171122/13f9d5e2/attachment.sig>
More information about the ffmpeg-devel
mailing list