[FFmpeg-devel] [PATCH] latmenc: validate extradata size.

Reimar Döffinger Reimar.Doeffinger at gmx.de
Thu Apr 12 00:19:49 CEST 2012

On Wed, Apr 11, 2012 at 11:06:40PM +0100, Kieran Kunhya wrote:
> Ok that explains a lot. Personally I would rather see extradata
> sanitised upon input but it's up to you.

Well, strictly that init function is "at input".
I was asking about "where else" you meant because I don't
see any other place.
Checking e.g. in the demuxer would sure be possible but
you'd have to check in each and forgetting it somewhere
would open up a hole.
Doing it in ffmpeg.c for example would not work for applications
like e.g. MPlayer/mencoder.
Doing it in one of the util functions might work, but
trawling through all streams, checking for AAC, then
checking the extradata size seems rather messy.
Limiting the extradata size in general would be possible,
but that would be a far, far larger limit.

More information about the ffmpeg-devel mailing list