On Thu, Mar 21, 2024 at 11:59:17PM -0300, James Almer wrote:
> On 3/21/2024 11:25 PM, Michael Niedermayer wrote:
> > Hi all
> > 
> > we have code like
> > st->codecpar->ch_layout.nb_channels = avio_rb32(pb);
> > 
> > and then somewhere there is some code that uses this by first allocating
> > an array and that then hits OOM
> > (it was this here:
> >      map = av_calloc(nb_channels, sizeof(*channel_layout->u.map));)
> > 
> > is anyone against adding a max_channels field to AVFormatContext  or something
> > like that ?
> > 
> > alternative is "wont fix" for all such cases, or maybe someone sees another way ?
> > 
> > thx
> 
> We have FF_SANE_NB_CHANNELS, so maybe add a check for it to mxfdec.c (Where
> i assume this is happening) and mov_chan.c or mov.c before continuing with
> such a layout.

wasnt mxf, ill send a patch

thanks!

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I do not agree with what you have to say, but I'll defend to the death your
right to say it. -- Voltaire