[FFmpeg-devel] [PATCH] [mov] Avoid OOM for invalid STCO / CO64 constructions.
Dale Curtis
dalecurtis at chromium.org
Sat Feb 3 01:45:24 EET 2024
On Fri, Feb 2, 2024 at 3:42 PM Dale Curtis <dalecurtis at chromium.org> wrote:
> On Fri, Feb 2, 2024 at 3:20 PM Andreas Rheinhardt <
> andreas.rheinhardt at outlook.com> wrote:
>
>> Dale Curtis:
>> > + // Clamp allocation size for `chunk_offsets` -- don't throw an
>> error for an
>> > + // invalid count since the EOF path doesn't throw either.
>> > + entries =
>> > + FFMIN(entries, FFMIN(atom.size - 8, avio_size(pb) -
>> avio_tell(pb)) /
>> > + (atom.type == MKTAG('s', 't', 'c', 'o') ? 4
>> : 8));
>> > +
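Review bot: In the inner `FFMIN(atom.size - 8, avio_size(pb) - avio_tell(pb))`, the return value of avio_size() is used without an error check. avio_size() returns a negative AVERROR code when the size cannot be determined, so the bound can go negative, and after the division and the outer FFMIN the result is a bogus `entries` value rather than a clamp. `atom.size - 8` is likewise not checked for being non-negative. FFMIN is a macro, so both I/O calls may also be evaluated more than once. Suggest computing the remaining byte budget once in a local int64_t, treating a negative result as "no extra bound" or as invalid data, and only then dividing by the entry width (4 for stco, 8 for co64). Bounding by `atom.size - 8` alone, checked to be non-negative, avoids the avio_size() question entirely.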
>>
>> This may call avio_size() and avio_tell() multiple times. Furthermore,
>> is it even certain that avio_size() returns a sane value?
>>
>
> I hope so since there are other usages of avio_size() throughout the file
> in a similar manner. I guess you're saying it may be invalid when
> !AVIO_SEEKABLE_NORMAL? Sticking to just atom.size is also fine.
>
Here's a version of the patch which does just that.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stco-clamp-entries-v2.patch
Type: application/octet-stream
Size: 1366 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240202/67f79919/attachment.obj>