[FFmpeg-devel] [PATCH 2/3] avcodec/lagarith: Optimize case with singleton probability distribution
Kieran Kunhya
kieran618 at googlemail.com
Tue Dec 25 01:54:31 EET 2018
>
> commit 0ca7a8deeffd33e05ae15a447259b32b6678c727 (HEAD -> master)
> Author: Michael Niedermayer <michael at niedermayer.cc>
> Date: Mon Dec 24 01:14:50 2018 +0100
>
> avcodec/lagarith: Optimize case with singleton probability distribution
>
> Fixes: Timeout
> Fixes: 10554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-5739938067251200
>
> In case of a Denial of Service attack, the attacker wants to maximize
> the load on the target per byte transmitted from the attacker.
> For such a DoS attack it is best for the attacker to set up the
> probabilities so that the arithmetic decoder does not advance in the
> bytestream; that way the attacker only needs to transmit the initial
> bytes and header for an arbitrarily large frame.
> This patch here optimizes this codepath and avoids executing the
> arithmetic decoder more than once. It thus reduces the load caused by
> this codepath on the target.
> We also could completely disallow this codepath but it appears such
> odd probability distributions are not invalid.
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
>
This is a nonsense argument; a user could send a frame that was
99999999x99999999 in dimensions, which would have the same effect.
The calling application should manage timeouts itself in a sandbox or
container or similar.
Merry Xmas.
Kieran
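
The codepath the quoted commit message describes, as an added example that is not part of this thread and is not FFmpeg's lagarith code: a simplified range decoder in which a table giving one symbol the whole probability mass never triggers renormalisation, so no input is read, next to a fast path that runs the decoder once and fills the line. All names (RangeDec, rd_init, rd_symbol, rd_singleton, decode_line) and the 16-bit probability scale are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SCALE_BITS 16              /* frequencies must sum to 1 << SCALE_BITS */
#define TOTAL  (1u << SCALE_BITS)
#define BOTTOM (1u << 24)          /* renormalise once range drops below this */

typedef struct {
    const uint8_t *buf; size_t len, pos;  /* input and read cursor */
    uint32_t range, code, cum[257];       /* coder state, cumulative frequencies */
    unsigned long steps;                  /* decoder iterations executed */
} RangeDec;
static uint8_t next_byte(RangeDec *d) { return d->pos < d->len ? d->buf[d->pos++] : 0; }

/* Returns -1 if the table does not sum to TOTAL; do not decode with it then. */
int rd_init(RangeDec *d, const uint8_t *buf, size_t len, const uint32_t freq[256]) {
    memset(d, 0, sizeof(*d));
    d->buf = buf; d->len = len; d->range = 0xFFFFFFFFu;
    for (int i = 0; i < 256; i++) d->cum[i + 1] = d->cum[i] + freq[i];
    for (int i = 0; i < 4; i++) d->code = d->code << 8 | next_byte(d);
    return d->cum[256] == TOTAL ? 0 : -1;
}

/* One decoder step. With a singleton table range never shrinks below BOTTOM. */
uint8_t rd_symbol(RangeDec *d) {
    uint32_t r = d->range >> SCALE_BITS, v = d->code / r;
    int s = 0;
    if (v >= TOTAL) v = TOTAL - 1;                 /* clamp corrupt input */
    while (s < 255 && d->cum[s + 1] <= v) s++;     /* find the symbol's interval */
    d->code -= d->cum[s] * r;
    d->range = r * (d->cum[s + 1] - d->cum[s]);
    while (d->range < BOTTOM) { d->code = d->code << 8 | next_byte(d); d->range <<= 8; }
    d->steps++;
    return (uint8_t)s;
}

/* Index of the symbol holding all probability mass, or -1 if none does. */
int rd_singleton(const RangeDec *d) {
    for (int s = 0; s < 256; s++)
        if (d->cum[s + 1] - d->cum[s] == TOTAL) return s;
    return -1;
}

/* fast != 0: a singleton table costs one decoder step plus a memset. */
void decode_line(RangeDec *d, uint8_t *dst, size_t n, int fast) {
    int s = fast ? rd_singleton(d) : -1;
    if (s >= 0 && n) { rd_symbol(d); memset(dst, s, n); return; }
    for (size_t i = 0; i < n; i++) dst[i] = rd_symbol(d);
}
```

Comparing `steps` and `pos` after decoding the same line with `fast` set to 0 and to 1 shows the per-input-byte cost the commit message is concerned with; the decoder state and output are identical in both cases.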