[FFmpeg-devel] [PATCH 3/5] mxfdec: Fix a potential DoS vector in mxf_read_pixel_layout()

Michael Niedermayer michaelni at gmx.at
Wed Oct 24 17:44:42 CEST 2012

On Wed, Oct 24, 2012 at 05:20:34PM +0200, Tomas Härdin wrote:
> Discovered while writing the previous patch. Reading a large file
> byte-by-byte is likely to be slow..

>  mxfdec.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 39d2f19c4c0b42c926057cb3bf40b7688f105d60  0003-mxfdec-Fix-a-potential-DoS-vector-in-mxf_read_pixel_.patch
> From ccedbd419455c02140522931a7bb9356d9414e76 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= <tomas.hardin at codemill.se>
> Date: Wed, 24 Oct 2012 16:51:41 +0200
> Subject: [PATCH 3/5] mxfdec: Fix a potential DoS vector in
>  mxf_read_pixel_layout()
> There's a a potential DoS problem in this function. Say an MXF file is
> created with a PixelLayout with a long run of non-zeroes. Such a file could be
> sent quickly (packed) over the net and would unpack quite fast. mxfdec would
> then read it byte-by-byte, which would take considerable time.




Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is what and why we do it that matters, not just one of them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20121024/a5917040/attachment.asc>

More information about the ffmpeg-devel mailing list