search

discord / lilliput

Resize images and animated GIFs in Go
https://discord.com/blog/how-discord-resizes-150-million-images-every-day-with-go-and-c
Other
1.94k stars 124 forks source link

Validate mp4 atom size #141

Closed skidder closed 7 months ago

skidder commented 7 months ago

Modifications

Add validation of atom size to avoid infinite loops or integer overflow during the check for streaming-optimized mp4.

Testing

Added two test media files with invalid mp4 atoms (edited with hexedit) to exercise the new atom-size validation.

Big Atom

Modified the moov atom to be named MOOO and set atom length to 64KB, exceeding the size of the buffer and the actual length of the atom.

→ AtomicParsley big_buck_bunny_480p_10s_big_atom.mp4 -T
Atom ftyp @ 0 of size: 32, ends @ 32
Atom MOOO @ 32 of size: 65536, ends @ 65568                          ~
Atom Zly @ 65568 of size: 1161456, ends @ 1227024                            ~

 ~ denotes an unknown atom
------------------------------------------------------
Total size: 1227024 bytes; 2 atoms total.
Media data: 0 bytes; 1227024 bytes all other atoms (100.000% atom overhead).
Total free atom space: 0 bytes; 0.000% waste.
------------------------------------------------------
AtomicParsley version:   (utf8)
------------------------------------------------------

Zero-length Atom

Modified the moov atom to be named MOOO and declared length as zero bytes, which is invalid.

→ AtomicParsley big_buck_bunny_480p_10s_zero_length_atom.mp4 -T
Atom ftyp @ 0 of size: 32, ends @ 32
Atom MOOO @ 32 of size: 1226992 (0*), ends @ 1227024
             (*)denotes length of atom goes to End-of-File
------------------------------------------------------
Total size: 1227024 bytes; 1 atoms total.
Media data: 0 bytes; 1227024 bytes all other atoms (100.000% atom overhead).
Total free atom space: 0 bytes; 0.000% waste.
------------------------------------------------------
AtomicParsley version:   (utf8)
------------------------------------------------------