On Fri, Dec 9, 2016 at 12:45 AM, Andreas Cadhalpun <andreas.cadhal...@googlemail.com> wrote: > On 08.12.2016 19:30, Michael Niedermayer wrote: >> TODO: split into 2 patches (one per lib), docs & bump >> >> This allows preventing some OOM and "slow decoding" cases by limiting the >> maximum resolution >> this may be useful to avoid fuzzers getting stuck in boring cases >> >> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> >> --- >> libavcodec/avcodec.h | 8 ++++++++ >> libavcodec/options_table.h | 1 + >> libavutil/imgutils.c | 22 ++++++++++++++++++---- >> tests/ref/fate/api-mjpeg-codec-param | 2 ++ >> tests/ref/fate/api-png-codec-param | 2 ++ >> 5 files changed, 31 insertions(+), 4 deletions(-) > > That's probably OK. > One caveat is that currently not every demuxer uses av_image_check_size, > but I'm working on fixing that. > Do you plan to reduce the default in a future patch? >
There is already valid high-resolution image files today that avcodec cannot open due to the technical limits checked in that function right now (which prevent integer overflows in other parts of the code that should be fixed instead). Further reducing this for all users seems like a terrible idea to me. - Hendrik _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
