[FFmpeg-devel] [mov] Fix trampling of ctts during seeks when sidx support is enabled.

Carl Eugen Hoyos ceffmpeg at gmail.com
Thu Nov 23 03:26:54 EET 2017


2017-11-23 1:30 GMT+01:00 John Stebbins <stebbins at jetheaddev.com>:
> On 11/22/2017 02:36 PM, Carl Eugen Hoyos wrote:
>> 2017-08-24 0:39 GMT+02:00 Dale Curtis <dalecurtis at chromium.org>:
>>
>>> -        sc->ctts_data[ctts_count].count    = count;
>>> -        sc->ctts_data[ctts_count].duration = duration;
>>> -        ctts_count++;
>>> +        /* Expand entries such that we have a 1-1 mapping with samples. */
>>> +        for (j = 0; j < count; j++)
>>> +            add_ctts_entry(&sc->ctts_data, &ctts_count, &sc->ctts_allocated_size, 1, duration);
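Review bot: the loop `for (j = 0; j < count; j++)` has no upper bound on count, so the number of entries appended to sc->ctts_data is set entirely by that one value, which the reply below identifies as a 32-bit field read from the file. Validate count before expanding it, for example by rejecting or clamping it against the number of samples the track declares. Also stop the loop as soon as add_ctts_entry cannot grow the array: the call is made here as a bare statement, so any failure it reports is ignored and the loop keeps iterating.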
>> count is a 32bit value read from the file, so this hunk makes
>> the demuxer allocate a huge amount of memory for some
>> files.
>>
>> Is there an upper limit for count?
>
> In practice, if a valid mp4 blows up due to this ctts allocation,
> it's also going to blow up when AVIndexEntries is allocated
> for the samples.

> An invalid mp4 can do anything of course.

This is about invalid files allocating >1GB.

Carl Eugen

