> On Jun 9, 2023, at 07:51, Hendi <finalcountdow...@googlemail.com> wrote:
>
> mov_try_read_block is regularly called with sizes such as 48 bytes,
> but would allocate 1 MiB each time, hogging more and more memory
> until playback ends.
>
> Fixes #7641 and #9243.
It’s a quick fix, but I’m afraid the two tickets are caused by more deep
pitfalls.
It would be helpful if someone can provide a sample for test.
>
> Signed-off-by: Hendi <hend...@freenet.de>
> ---
> libavformat/mov.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index a8d004e02b..2e4df42256 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -6662,6 +6662,9 @@ static int mov_try_read_block(AVIOContext *pb, size_t
> size, uint8_t **data)
> while (offset < size) {
> unsigned int new_size =
> alloc_size >= INT_MAX - block_size ? INT_MAX : alloc_size +
> block_size;
> + if (size < new_size) {
> + new_size = size;
> + }
> uint8_t *new_buffer = av_fast_realloc(buffer, &alloc_size, new_size);
> unsigned int to_read = FFMIN(size, alloc_size) - offset;
> if (!new_buffer) {
> --
> 2.40.0.windows.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
