diff mbox series

[FFmpeg-devel,Resubmission] avformat/mov: Don't allocate unnecessarily large blocks of memory

Message ID f6444945-ed37-640b-50cd-715d9f8f4fa5@googlemail.com
State New
Headers show
Series [FFmpeg-devel,Resubmission] avformat/mov: Don't allocate unnecessarily large blocks of memory | expand

Checks

Context Check Description
yinshiyou/make_fate_loongarch64 success Make fate finished
yinshiyou/make_loongarch64 warning New warnings during build
andriy/make_fate_x86 success Make fate finished
andriy/make_x86 warning New warnings during build

Commit Message

Hendi June 9, 2023, 12:31 a.m. UTC 
Attached this time, Thunderbird trashed the first one.
From 46cef86a0ffd5f9e0bbf74c99e4ee32120823cb1 Mon Sep 17 00:00:00 2001
From: Hendi <hendi48@freenet.de>
Date: Fri, 9 Jun 2023 01:13:25 +0200
Subject: [PATCH] avformat/mov: Don't allocate unnecessarily large blocks of
 memory

mov_try_read_block is regularly called with sizes such as 48 bytes,
but would allocate 1 MiB each time, hogging more and more memory
until playback ends.

Fixes #7641 and #9243.

Signed-off-by: Hendi <hendi48@freenet.de>
---
 libavformat/mov.c | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/libavformat/mov.c b/libavformat/mov.c
index a8d004e02b..2e4df42256 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -6662,6 +6662,9 @@  static int mov_try_read_block(AVIOContext *pb, size_t size, uint8_t **data)
     while (offset < size) {
         unsigned int new_size =
             alloc_size >= INT_MAX - block_size ? INT_MAX : alloc_size + block_size;
+        if (size < new_size) {
+            new_size = size;
+        }
         uint8_t *new_buffer = av_fast_realloc(buffer, &alloc_size, new_size);
         unsigned int to_read = FFMIN(size, alloc_size) - offset;
         if (!new_buffer) {