On Fri, Sep 13, 2024 at 12:08:45PM +0200, Anton Khirnov wrote: > Quoting Michael Niedermayer (2024-09-13 01:33:31) > > We do not support more channels. For example avcodec_open2() limits > > channels this way too > > > > The example file contains multiple chunks with over 16 million channels > > We had this discussion already.
I remembered something too, but couldnt find the thread within teh time i was looking for it > Ad-hoc checks like this are only > addressing a symptom (probably one of many), and hide the actual bug. If you have a better fix, submit it. If you want me to implement this differently, the first step is to describe what you have in mind, that the implementation should look like. But if one 1. allocates an attacker specified amount of memory 2. iterate over it by an attacker specified number of times 3. the case is never supported for numbers over 512 4. doing that 512 check leads to rejected patches Then theres a problem Also if the suggestion is to add a user specified limit. This can be done for git master, for previous release branches thats not an option and as we only backport from master in general we still need this kind of fix before a user specified limit. > > > +#include "libavcodec/internal.h" > > I dislike this as well. I am fine with it. But if you dont, then maybe you can suggest another way to check for the number that we support. Thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB If you fake or manipulate statistics in a paper in physics you will never get a job again. If you fake or manipulate statistics in a paper in medicin you will get a job for life at the pharma industry.
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
