[FFmpeg-devel] [PATCH] latmenc: validate extradata size.

Reimar Döffinger Reimar.Doeffinger at gmx.de
Wed Apr 11 22:00:21 CEST 2012


On Wed, Apr 11, 2012 at 08:46:41PM +0100, Kieran Kunhya wrote:
> On Wed, Apr 11, 2012 at 8:39 PM, Reimar Döffinger
> <Reimar.Doeffinger at gmx.de> wrote:
> > On Wed, Apr 11, 2012 at 08:22:59PM +0100, Kieran Kunhya wrote:
> >> Imho should be checked somewhere else since broken extradata sizes
> >> should be sanity check for all types of 14496-3.
> >
> > What do you mean by "somewhere else" exactly?
> > Also I have no real reason to believe that there is any
> > specific size that is "broken", I see no reason why the extradata
> > of an AAC stream on mov couldn't be 50 MB and still be
> > "valid" even if silly.
> > The only reasons to check it here are
> > a) the format has a rather strict limit on the overall data size, so
> > this might allow catching some things that are sure to fail early on
> > b) far more importantly, the current code is potentially exploitable
> > and that is the least effort way to plug the hole I can see.
> 
> Is extradata for AAC in mov meant to be more than just GASpecificConfig?
> There's no documentation anywhere for AAC extradata.

I don't think it is _meant_ to, however I'm quite convinced that
anything will play it of you have extra stuff at the end (ffmpeg
for sure, but also QuickTime etc. I don't think will limit the size
- QuickTime on the encoder side has the habit of throwing extra 0s
at the end of everything anyway, H.264 in the past, AAC SBR extensions
nowadays...).


More information about the ffmpeg-devel mailing list