[FFmpeg-devel] [PATCH] latmenc: validate extradata size.

Reimar Döffinger Reimar.Doeffinger at gmx.de
Wed Apr 11 22:00:21 CEST 2012

On Wed, Apr 11, 2012 at 08:46:41PM +0100, Kieran Kunhya wrote:
> On Wed, Apr 11, 2012 at 8:39 PM, Reimar Döffinger
> <Reimar.Doeffinger at gmx.de> wrote:
> > On Wed, Apr 11, 2012 at 08:22:59PM +0100, Kieran Kunhya wrote:
> >> Imho should be checked somewhere else since broken extradata sizes
> >> should be sanity check for all types of 14496-3.
> >
> > What do you mean by "somewhere else" exactly?
> > Also I have no real reason to believe that there is any
> > specific size that is "broken", I see no reason why the extradata
> > of an AAC stream on mov couldn't be 50 MB and still be
> > "valid" even if silly.
> > The only reasons to check it here are
> > a) the format has a rather strict limit on the overall data size, so
> > this might allow catching some things that are sure to fail early on
> > b) far more importantly, the current code is potentially exploitable
> > and that is the least effort way to plug the hole I can see.
> Is extradata for AAC in mov meant to be more than just GASpecificConfig?
> There's no documentation anywhere for AAC extradata.

I don't think it is _meant_ to, however I'm quite convinced that
anything will play it of you have extra stuff at the end (ffmpeg
for sure, but also QuickTime etc. I don't think will limit the size
- QuickTime on the encoder side has the habit of throwing extra 0s
at the end of everything anyway, H.264 in the past, AAC SBR extensions

More information about the ffmpeg-devel mailing list