[FFmpeg-devel] [RFC/PATCH]Avoid huge allocations from asf demuxer
Carl Eugen Hoyos
cehoyos at ag.or.at
Sat Mar 2 17:36:15 CET 2013
Hi!
Using the command line from ticket #1888, asf_read_frame_header() first fills
asf->packet_obj_size with 0xda327c93, this value is later passed to
av_new_packet() but av_malloc() refuses to alloc anything.
Next value for asf->packet_obj_size is 0x7ef0fec0, av_malloc allocates
2129723088 bytes.
Attached patch avoids this and fixes ticket #1888, I don't know enough about
the asf demuxer to judge if this is an acceptable solution.
Please comment, Carl Eugen
-------------- next part --------------
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index 233b6ca..38f46a6 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -1011,6 +1011,7 @@ static int asf_read_frame_header(AVFormatContext *s, AVIOContext *pb)
asf->packet_obj_size = avio_rl32(pb);
if (asf->packet_obj_size >= (1 << 24) || asf->packet_obj_size <= 0) {
av_log(s, AV_LOG_ERROR, "packet_obj_size invalid\n");
+ asf->packet_obj_size = 0;
return AVERROR_INVALIDDATA;
}
asf->packet_frag_timestamp = avio_rl32(pb); // timestamp
More information about the ffmpeg-devel
mailing list