>
> commit 0ca7a8deeffd33e05ae15a447259b32b6678c727 (HEAD -> master)
> Author: Michael Niedermayer <mich...@niedermayer.cc>
> Date: Mon Dec 24 01:14:50 2018 +0100
>
> avcodec/lagarith: Optimize case with singleton probability distribution
>
> Fixes: Timeout
> Fixes: 10554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-5739938067251200
>
> In case of a Denial of Service attack, the attacker wants to maximize the load on the target
> per byte transmitted from the attacker.
> For such a DoS attack it is best for the attacker to set up the probabilities so that the
> arithmetic decoder does not advance in the bytestream; that way the attacker only needs to
> transmit the initial bytes and header for an arbitrarily large frame.
> This patch here optimizes this codepath and avoids executing the arithmetic decoder more than
> once. It thus reduces the load caused by this codepath on the target.
> We also could completely disallow this codepath but it appears such odd probability
> distributions are not invalid.
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
>
This is a nonsense argument; a user could send a frame that was 99999999x99999999 in dimensions, which would have the same effect. The calling application should manage timeouts themselves in a sandbox or container or similar.

Merry Xmas.

Kieran
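The case the quoted commit message describes, as an added example that is not FFmpeg's lagarith code and not part of either message: a toy range decoder in which a singleton distribution never triggers renormalisation, so no input is consumed, next to a check-and-fill fast path that runs the decoder once. `ToyRac`, `rac_decode`, `singleton_symbol`, `decode_run` and the 12-bit frequency scale are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SCALE_BITS 12          /* toy model: frequencies sum to 1 << 12 */
#define TOTAL      (1u << SCALE_BITS)
#define BOTTOM     (1u << 16)  /* renormalise once range drops below this */

typedef struct { const uint8_t *buf; size_t len, pos; uint32_t low, range; } ToyRac;
static uint32_t next_byte(ToyRac *c) { return c->pos < c->len ? c->buf[c->pos++] : 0; }

static void rac_init(ToyRac *c, const uint8_t *buf, size_t len) {
    c->buf = buf; c->len = len; c->pos = 0; c->low = 0; c->range = 1u << 24;
    for (int i = 0; i < 3; i++) c->low = c->low << 8 | next_byte(c);
}

/* Decode one symbol; cum[] has nsym + 1 entries, cum[0] = 0, cum[nsym] = TOTAL. */
static int rac_decode(ToyRac *c, const uint16_t *cum, int nsym) {
    uint32_t r = c->range >> SCALE_BITS, val = c->low / r;
    int s = 0;
    if (val >= TOTAL) val = TOTAL - 1;
    while (s < nsym - 1 && cum[s + 1] <= val) s++;
    c->low -= r * cum[s];
    c->range = (s == nsym - 1) ? c->range - r * cum[s] : r * (cum[s + 1] - cum[s]);
    while (c->range < BOTTOM) {            /* input is consumed only here */
        c->low = c->low << 8 | next_byte(c);
        c->range <<= 8;
    }
    return s;
}

/* Index of the symbol that owns the whole probability mass, or -1. */
static int singleton_symbol(const uint16_t *cum, int nsym) {
    for (int s = 0; s < nsym; s++)
        if ((uint32_t)(cum[s + 1] - cum[s]) == TOTAL) return s;
    return -1;
}

/* Fills dst[0..n) and returns how many times the decoder ran. */
static size_t decode_run(ToyRac *c, const uint16_t *cum, int nsym,
                         uint8_t *dst, size_t n, int fast_path) {
    if (fast_path && n && singleton_symbol(cum, nsym) >= 0) {
        memset(dst, rac_decode(c, cum, nsym), n);  /* one decode, then fill */
        return 1;
    }
    for (size_t i = 0; i < n; i++) dst[i] = (uint8_t)rac_decode(c, cum, nsym);
    return n;
}
```

With a singleton table the symbol's sub-range equals the whole range, so `range` never falls below `BOTTOM` and `pos` stays at the three bytes read by `rac_init`, however many symbols the header asks for.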