2017-11-28 21:32 GMT+01:00 Michael Niedermayer <[email protected]>:
> On Mon, Nov 27, 2017 at 05:24:14AM +0100, Carl Eugen Hoyos wrote:
>> Hi!
>>
>> Attached patch avoids allocations >1GB for (short and) invalid mov
>> files with only reasonable speed impact.
>>
>> Please review, Carl Eugen
>
>> mov.c | 16 +++++++++++++---
>> 1 file changed, 13 insertions(+), 3 deletions(-)
>> 980861e4c47c80c850d4e849043df2510a3d1d32
>> 0001-lavf-mov-Do-not-blindly-allocate-huge-memory-blocks-.patch
>> From 0d243bad5fdd9850ff41d49a32a06274a3cd9756 Mon Sep 17 00:00:00 2001
>> From: Carl Eugen Hoyos <[email protected]>
>> Date: Mon, 27 Nov 2017 05:13:25 +0100
>> Subject: [PATCH] lavf/mov: Do not blindly allocate huge memory blocks for
>> stts entries.
>>
>> Fixes large allocations for short files with invalid stts entry.
>> Fixes bugzilla 1102.
>> ---
>> libavformat/mov.c | 16 +++++++++++++---
>> 1 file changed, 13 insertions(+), 3 deletions(-)
>>
>> diff --git a/libavformat/mov.c b/libavformat/mov.c
>> index ddb1e59..9d353bf 100644
>> --- a/libavformat/mov.c
>> +++ b/libavformat/mov.c
>> @@ -2838,14 +2838,24 @@ static int mov_read_stts(MOVContext *c, AVIOContext
>> *pb, MOVAtom atom)
>> if (sc->stts_data)
>> av_log(c->fc, AV_LOG_WARNING, "Duplicated STTS atom\n");
>> av_free(sc->stts_data);
>> - sc->stts_count = 0;
>> - sc->stts_data = av_malloc_array(entries, sizeof(*sc->stts_data));
>> + sc->stts_count = FFMIN(1024 * 1024, entries);
>> + sc->stts_data = av_realloc_array(NULL, sc->stts_count,
>> sizeof(*sc->stts_data));
>> if (!sc->stts_data)
>> return AVERROR(ENOMEM);
>
> I don't know if leaving stts_count random on return is a good idea
Fixed.
>> for (i = 0; i < entries && !pb->eof_reached; i++) {
>> - int sample_duration;
>> + int sample_duration, ret;
>> unsigned int sample_count;
>> + if (i > sc->stts_count) {
>> + ret = av_reallocp_array(&sc->stts_data,
>> + FFMIN(sc->stts_count * 2LL, entries),
>> + sizeof(*sc->stts_data));
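Review bot: The growth check `if (i > sc->stts_count)` in the read loop looks off by one. The array was allocated with sc->stts_count elements, so index i == sc->stts_count is already one past the end, yet this condition only triggers the reallocation on the following iteration. If the loop body stores entry i into sc->stts_data, that is a one-element out-of-bounds write driven by the entry count read from the file; `i >= sc->stts_count` would grow the array before the slot is used. The same comparison is carried over into the revised patch further down.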
>
> This should use a variant of av_fast_realloc
New patch attached, only tested with fate.
Thank you, Carl Eugen
From 85620d03b313f5a684a5e9c06e445180601592f5 Mon Sep 17 00:00:00 2001
From: Carl Eugen Hoyos <[email protected]>
Date: Fri, 29 Dec 2017 02:08:48 +0100
Subject: [PATCH] lavf/mov: Do not blindly allocate huge memory blocks for
stts entries.
Fixes large allocations for short files with invalid stts entry.
Fixes bugzilla 1102.
---
libavformat/mov.c | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 2064473..df7a40f 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2849,14 +2849,29 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
if (sc->stts_data)
av_log(c->fc, AV_LOG_WARNING, "Duplicated STTS atom\n");
av_free(sc->stts_data);
- sc->stts_count = 0;
- sc->stts_data = av_malloc_array(entries, sizeof(*sc->stts_data));
- if (!sc->stts_data)
+ if (INT_MAX / sizeof(*sc->stts_data) <= entries)
return AVERROR(ENOMEM);
+ sc->stts_count = FFMIN(1024 * 1024, entries);
+ sc->stts_data = av_realloc_array(NULL, sc->stts_count, sizeof(*sc->stts_data));
+ if (!sc->stts_data) {
+ sc->stts_count = 0;
+ return AVERROR(ENOMEM);
+ }
for (i = 0; i < entries && !pb->eof_reached; i++) {
int sample_duration;
- unsigned int sample_count;
+ unsigned int sample_count, alloc_size = sc->stts_count * sizeof(*sc->stts_data);
+ if (i > sc->stts_count) {
+ MOVStts *stts_data = av_fast_realloc(sc->stts_data, &alloc_size,
+ FFMIN(sc->stts_count * 2LL, entries) * sizeof(*sc->stts_data));
+ if (!stts_data) {
+ av_freep(&sc->stts_data);
+ sc->stts_count = 0;
+ return AVERROR(ENOMEM);
+ }
+ sc->stts_count = FFMIN(sc->stts_count * 2, entries);
+ sc->stts_data = stts_data;
+ }
sample_count=avio_rb32(pb);
sample_duration = avio_rb32(pb);
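Review bot: The new early return on `INT_MAX / sizeof(*sc->stts_data) <= entries` leaves stale state behind when a duplicated STTS atom is being parsed. At that point `av_free(sc->stts_data)` has already run without clearing the pointer, and the hunk removes the `sc->stts_count = 0;` that used to follow it, so the function returns with sc->stts_data pointing at freed memory and sc->stts_count still holding the previous atom's value. Any later cleanup or reader of those fields then risks a double free or a read of freed memory. Suggest `av_freep(&sc->stts_data);` and `sc->stts_count = 0;` before the size check, as the two later error paths already do. An entry count that fails this check is also a property of the file rather than an allocation failure, so an invalid-data error code may describe it better than AVERROR(ENOMEM).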
--
1.7.10.4