Skip to content

Commit

Permalink
fmp4: prevent RAM exhaustion by limiting max sample count (#140)
Browse files Browse the repository at this point in the history
  • Loading branch information
aler9 authored Aug 1, 2024
1 parent b9a9ebf commit 8728be3
Show file tree
Hide file tree
Showing 4 changed files with 17 additions and 0 deletions.
4 changes: 4 additions & 0 deletions pkg/formats/fmp4/fmp4.go
Original file line number Diff line number Diff line change
@@ -1,2 +1,6 @@
// Package fmp4 contains a fragmented-MP4 reader and writer.
package fmp4

const (
maxSamplesPerTrun = 120 * 160 // 120fps * 60 seconds
)
9 changes: 9 additions & 0 deletions pkg/formats/fmp4/parts.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,15 @@ func (ps *Parts) Unmarshal(byts []byte) error {
return nil, fmt.Errorf("unexpected trun")
}

// prevent RAM exhaustion due to unlimited Trun unmarshaling
rawBox := byts[h.BoxInfo.Offset:]
if len(rawBox) >= 16 {
sampleCount := uint32(rawBox[12])<<24 | uint32(rawBox[13])<<16 | uint32(rawBox[14])<<8 | uint32(rawBox[15])
if sampleCount > maxSamplesPerTrun {
return nil, fmt.Errorf("sample count (%d) exceeds maximum (%d)", sampleCount, maxSamplesPerTrun)
}
}

box, _, err := h.ReadPayload()
if err != nil {
return nil, err
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("\x00\x00\x00\xc8moof\x00\x00\x00\x10mfhd\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00`traf\x00\x00\x00\x10tfhd\x00\x00\x00\x00\x00\x01_\x90\x00\x00\x004trun\x00\x01\x00\x00\xf9\xff\xff\x00")
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("0000moof\x00\x00\x00\x10mfhd\x00000000000 0traf\x00\x00\x00\x10tfhd\x0000\x00000000\x000trun")

0 comments on commit 8728be3

Please sign in to comment.