2017-11-01 17:03 GMT+01:00 Carl Eugen Hoyos <ceffm...@gmail.com>: > 2017-11-01 17:01 GMT+01:00 Paul B Mahol <one...@gmail.com>: >> On 11/1/17, Carl Eugen Hoyos <ceffm...@gmail.com> wrote: >>> 2017-11-01 15:40 GMT+01:00 Paul B Mahol <one...@gmail.com>: >>>> On 11/1/17, Carl Eugen Hoyos <ceffm...@gmail.com> wrote: >>>>> Hi! >>>>> >>>>> It appears to me that the alac decoder can be used for DoS, >>>>> the attached patch limits the maximum frame size to eight >>>>> times the default value. >>>>> (Higher values brake our encoder here.) >>>>> >>>>> Please comment and / or suggest another value, Carl Eugen >>>>> >>>> >>>> So alac encoder can not handle bigger frames or what? >>>> >>>> Look at other alac encoders, what are their limit on frame size? >>> >>> I am not sure if it is enough to look on Apple's encoder, after >>> all, their decoder looks exploitable (or maybe I miss something). >>> >>>> The limit you set is too low IMHO. >>> >>> Could you suggest a limit that's below the several-GB area? >> >> I remmeber some lossless audio codecs can have very big >> frames, several MB. > > So what about 4096 * 4096 as an arbitrary limit?
Any opinion? Carl Eugen _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
