On Wed, Jun 13, 2018 at 08:54:20AM +0000, Eran Kornblau wrote:
> >
> > -----Original Message-----
> > From: ffmpeg-devel [mailto:ffmpeg-devel-boun...@ffmpeg.org] On Behalf Of
> > Michael Niedermayer
> > Sent: Wednesday, June 13, 2018 1:41 AM
> > To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
> > Subject: Re: [FFmpeg-devel] qt-faststart bug near 4GB
> >
> >
> > this is not mandatory but trying with some basic fuzzer seems like a good
> > idea look at the examples in the manpage of zzuf for example, it's very easy
> > to use
> >
> Ok, zzuf is indeed easy to use :)
>
> One issue that it surfaced is the lack of validation on ftyp atom size
> (unrelated to this patch) -
> At some iteration it changed the ftyp size to a large number, faststart
> managed to allocate it, but zzuf did not. I don't think this is a real
> issue (if the code did malloc(size+1), read(size) then it could have been...)
>
> Anyway, I used the attached patch to work around it. I didn't find any
> official limit to the size of this atom, so I randomly chose 1MB, which is
> several orders of magnitude larger than any ftyp I've seen...
>
> Btw, the exact same issue exists for moov, I can submit a patch for that too,
> although there it will be harder to find a good limit. We're using 256MB
> as the limit for moov size in our JIT packager.
>
> These are the commands that I used for the test -
>
> # ffmpeg -f lavfi -i anullsrc=sample_rate=48000 -t 0.1 faststart-zzuf.mp4
>
> # zzuf -s 0:1000000 tools/qt-faststart faststart-zzuf.mp4
> faststart-output.mp4 > zzuf-output.txt 2> zzuf-error.txt
>
> # sort -u zzuf-error.txt
> faststart-zzuf.mp4: Invalid argument
> faststart-zzuf.mp4: Success
>
> # sort -u zzuf-output.txt | awk 'NF<1 || $(NF-1) !~ /[0-9]+/ || $NF !~
> /[0-9]+/' | grep -av 'too big$' | grep -av 'too small$'
> copying rest of file...
> encountered non-QT top-level atom (is this a QuickTime file?)
> last atom in file was not a moov atom
> not enough room for 64 bit atom size
> patching stco atom...
> writing ftyp atom...
> writing moov atom...
>
> Thanks!
>
> Eran
>
> > [...]
> >
> > --
> > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
> >
> > The greatest way to live with honor in this world is to be what we pretend
> > to be. -- Socrates
> >
> qt-faststart.c | 6 ++++++
> 1 file changed, 6 insertions(+)
> aabd7a494cc34222fb91f195118308e6983e5577 0001-qt-faststart-add-validation-on-ftyp-atom-size.patch
> From 36ea3c1bf7afe91da310ee7a5b28e3e2d3f2d04c Mon Sep 17 00:00:00 2001
> From: erankor <eran.kornb...@kaltura.com>
> Date: Wed, 13 Jun 2018 11:48:20 +0300
> Subject: [PATCH] qt-faststart: add validation on ftyp atom size
>
> avoid trying to allocate an unreasonably sized buffer on corrupt files
> ---
> tools/qt-faststart.c | 6 ++++++
> 1 file changed, 6 insertions(+)

will apply

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

"Nothing to hide" only works if the folks in power share the values of
you and everyone you know entirely and always will -- Tom Scott
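
The check discussed in this thread, as an added C example (it is not the attached patch and not FFmpeg's code): the ftyp size field read from the file, including the 64-bit form, is validated before it reaches malloc(). The function name, return codes and in-memory input are assumptions made for illustration; the 1MB cap is the value named in the quoted message.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FTYP_ATOM_SIZE (1024 * 1024) /* 1MB, the cap chosen in the message */

enum { ATOM_OK = 0, ATOM_TRUNCATED = -1, ATOM_NOT_FTYP = -2,
       ATOM_TOO_SMALL = -3, ATOM_TOO_BIG = -4, ATOM_NOMEM = -5 };

/* Read an n-byte big-endian integer. */
static uint64_t be_read(const unsigned char *p, int n)
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Hypothetical helper: copy the leading ftyp atom of an in-memory file image
 * into a fresh buffer, checking the untrusted size field before malloc(). */
int load_ftyp(const unsigned char *file, size_t len,
              unsigned char **out, uint64_t *out_size)
{
    uint64_t size, hdr = 8;

    if (len < 8) return ATOM_TRUNCATED;
    if (memcmp(file + 4, "ftyp", 4) != 0) return ATOM_NOT_FTYP;
    size = be_read(file, 4);
    if (size == 1) {                      /* 64-bit size follows the type */
        if (len < 16) return ATOM_TRUNCATED;
        size = be_read(file + 8, 8);
        hdr = 16;
    }
    if (size < hdr) return ATOM_TOO_SMALL;               /* cannot hold its own header */
    if (size > MAX_FTYP_ATOM_SIZE) return ATOM_TOO_BIG;  /* reject before allocating */
    if (size > len) return ATOM_TRUNCATED;               /* declared size exceeds the data */

    *out = malloc((size_t)size);
    if (!*out) return ATOM_NOMEM;
    memcpy(*out, file, (size_t)size);
    *out_size = size;
    return ATOM_OK;
}

/* Constructed samples: a valid 16-byte ftyp, and the same atom with its size
 * field changed to 0x7fffffff, as a byte-mutating fuzzer might produce. */
const unsigned char good_ftyp[16] = {0,0,0,16,'f','t','y','p','i','s','o','m',0,0,2,0};
const unsigned char huge_ftyp[16] = {0x7f,0xff,0xff,0xff,'f','t','y','p','i','s','o','m',0,0,2,0};
```

The cap is checked before the comparison against the available data so that the rejection also holds when the input is a stream whose total length is not known in advance.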