On Wed, Nov 07, 2018 at 02:34:43PM +0100, François Revol wrote: > When adding thumbnails to OGG files, the line can easily go up to 100kB. > > We thus try to allocate the file size or SIZE_MAX to avoid truncation. > --- > libavformat/ffmetadec.c | 21 +++++++++++++++++---- > 1 file changed, 17 insertions(+), 4 deletions(-) > > diff --git a/libavformat/ffmetadec.c b/libavformat/ffmetadec.c > index 3290b3b7bc..ccbff51c03 100644 > --- a/libavformat/ffmetadec.c > +++ b/libavformat/ffmetadec.c > @@ -128,16 +128,26 @@ static int read_tag(const uint8_t *line, AVDictionary > **m) > static int read_header(AVFormatContext *s) > { > AVDictionary **m = &s->metadata; > - uint8_t line[1024]; > + int64_t line_size = avio_size(s->pb); > + uint8_t *line; > + > + if (line_size < 1 || line_size > SIZE_MAX) > + line_size = SIZE_MAX; > + > + line = av_malloc(line_size); > + if (!line) > + return AVERROR(ENOMEM);
this would use a lot of memory for large files, also avio_size() will not work with all inputs using av_fast_realloc() or similar should avoid both issues > > while(!avio_feof(s->pb)) { > - get_line(s->pb, line, sizeof(line)); > + get_line(s->pb, line, line_size); > > if (!memcmp(line, ID_STREAM, strlen(ID_STREAM))) { out of memory access can happen here thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB The smallest minority on earth is the individual. Those who deny individual rights cannot claim to be defenders of minorities. - Ayn Rand
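Review bot: In read_header(), the fallback `line_size = SIZE_MAX` taken when avio_size() returns less than 1 is handed directly to av_malloc(line_size), a request that cannot be satisfied, so any input whose size is unknown ends in AVERROR(ENOMEM) instead of being parsed. When the size is known, the allocation is dictated entirely by the input, and a file shorter than ID_STREAM gets a buffer smaller than the strlen(ID_STREAM) bytes that the memcmp() on line reads, which is a heap over-read. Consider starting from a small buffer and growing it while a line is being read, under an explicit upper bound, and keeping the buffer at least as large as the longest prefix it is compared against. The lines shown here also contain no release of line; each return path after the av_malloc() needs one.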