After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 788246 - rtpvorbisdepay: unbounded memory usage
rtpvorbisdepay: unbounded memory usage
Status: RESOLVED OBSOLETE
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
git master
Other Linux
: Normal normal
: git master
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2017-09-27 14:24 UTC by Alban Bedel
Modified: 2018-11-03 15:22 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Proposed patch to fix the issue (2.03 KB, patch)
2017-09-27 14:24 UTC, Alban Bedel
needs-work Details | Review

Description Alban Bedel 2017-09-27 14:24:33 UTC
Created attachment 360539 [details] [review]
Proposed patch to fix the issue

In rtpvorbisdepay all received configurations are parsed and added to a list, this lead to an unbounded memory usage. As the configuration is resent every second this quickly lead to a large memory usage.

Attached is a patch that fix this issue.
Comment 1 Sebastian Dröge (slomo) 2017-09-28 09:28:56 UTC
Comment on attachment 360539 [details] [review]
Proposed patch to fix the issue

Thanks! As Vorbis only has up to 3 (3? The first header, the huffman tables and the tags IIRC?) headers, it would make sense to limit this even more to also handle the malicious sender case
Comment 2 Sebastian Dröge (slomo) 2017-09-28 09:29:29 UTC
And IIRC the headers always must come in that order
Comment 3 GStreamer system administrator 2018-11-03 15:22:19 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/issues/405.