Opened 4 years ago

Closed 4 years ago

#4357 closed defect (wontfix)

Potential DoS in mpeg4video parser

Reported by: jmaggard10 Owned by:
Priority: normal Component: avcodec
Version: git-master Keywords: asp
Cc: michael Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Large zero-filled files can cause libavcodec to allocate very large quantities of RAM.

I ran across this when forked-daapd was scanning a directory that contained large pre-allocated files, but did not yet have any actual data in those files.

Reproduction is easy.

# truncate -s8G badfile.m4v
# ffprobe badfile.m4v

Change History (4)

comment:1 Changed 4 years ago by michael

You can limit the maximum for a single allocation by using -max_alloc X, most platforms also provide a way to limit the sum of all allocations of a process.
Its certainly possibly to limit the amount of allocated memory for a file of just zeros and maybe we should but, one can always create a file with a arbitrary large or long valid video which would need arbitrary amounts of memory to decode, thus i think theres not much better than a user specified limit that can be done here.

comment:2 Changed 4 years ago by michael

  • Cc michael added

comment:3 Changed 4 years ago by cehoyos

  • Keywords asp added

If there is an issue, it is not limited to the asp parser but can also be reproduced with at least the vc1, the h264, the hevc and with a little effort with the mpegvideo parser.

comment:4 Changed 4 years ago by cehoyos

  • Resolution set to wontfix
  • Status changed from new to closed

Please reopen if -max_alloc does not help.

Note: See TracTickets for help on using tickets.