mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-08 13:22:53 +02:00

Merge commit '0ccddbad200c1d9439c5a836501917d515cddf76'

* commit '0ccddbad200c1d9439c5a836501917d515cddf76':
  smacker: limit recursion depth of smacker_decode_bigtree

See 946ecd19ea

Merged-by: James Almer <jamrial@gmail.com>
James Almer 2017-11-12 01:13:07 -03:00
commit d2ad6f1192


@ -44,6 +44,7 @@
#define SMK_NODE 0x80000000 #define SMK_NODE 0x80000000
#define SMKTREE_DECODE_MAX_RECURSION 32 #define SMKTREE_DECODE_MAX_RECURSION 32
#define SMKTREE_DECODE_BIG_MAX_RECURSION 500
typedef struct SmackVContext { typedef struct SmackVContext {
AVCodecContext *avctx; AVCodecContext *avctx;
@ -131,12 +132,15 @@ static int smacker_decode_tree(GetBitContext *gb, HuffContext *hc, uint32_t pref
/** /**
* Decode header tree * Decode header tree
*/ */
static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx, int length) static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc,
DBCtx *ctx, int length)
{ {
if(length > 500) { // Larger length can cause segmentation faults due to too deep recursion. // Larger length can cause segmentation faults due to too deep recursion.
av_log(NULL, AV_LOG_ERROR, "length too long\n"); if (length > SMKTREE_DECODE_BIG_MAX_RECURSION) {
av_log(NULL, AV_LOG_ERROR, "Maximum bigtree recursion level exceeded.\n");
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
if (hc->current + 1 >= hc->length) { if (hc->current + 1 >= hc->length) {
av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n"); av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n");
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
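Review bot: SMKTREE_DECODE_BIG_MAX_RECURSION is defined as 500 with no comment saying what it bounds or why that value is safe, and the guard at the top of smacker_decode_bigtree still calls the parameter a "length" while the new message calls it a recursion level. This check is what stops a malformed header tree from recursing until the stack is exhausted, so the rationale belongs next to the define, for example `/* Max recursion depth of smacker_decode_bigtree(); bounds stack use on malformed trees. */`, with the in-function comment reworded to `// length counts recursion depth; deeper trees risk stack exhaustion.` The recursive calls that would increment length are outside the hunk, so that reading of the parameter is inferred from the macro name and the commit title and should be confirmed. Separately, `av_log(NULL, ...)` carries no codec context, so the rejection cannot be attributed to a particular stream in logs; the function body continues past the end of the hunk.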