mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2025-01-08 13:22:53 +02:00
Merge commit '0ccddbad200c1d9439c5a836501917d515cddf76'
* commit '0ccddbad200c1d9439c5a836501917d515cddf76':
smacker: limit recursion depth of smacker_decode_bigtree
See 946ecd19ea
Merged-by: James Almer <jamrial@gmail.com>
This commit is contained in:
commit
d2ad6f1192
@ -44,6 +44,7 @@
|
||||
#define SMK_NODE 0x80000000
|
||||
|
||||
#define SMKTREE_DECODE_MAX_RECURSION 32
|
||||
#define SMKTREE_DECODE_BIG_MAX_RECURSION 500
|
||||
|
||||
typedef struct SmackVContext {
|
||||
AVCodecContext *avctx;
|
||||
@ -131,12 +132,15 @@ static int smacker_decode_tree(GetBitContext *gb, HuffContext *hc, uint32_t pref
|
||||
/**
|
||||
* Decode header tree
|
||||
*/
|
||||
static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx, int length)
|
||||
static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc,
|
||||
DBCtx *ctx, int length)
|
||||
{
|
||||
if(length > 500) { // Larger length can cause segmentation faults due to too deep recursion.
|
||||
av_log(NULL, AV_LOG_ERROR, "length too long\n");
|
||||
// Larger length can cause segmentation faults due to too deep recursion.
|
||||
if (length > SMKTREE_DECODE_BIG_MAX_RECURSION) {
|
||||
av_log(NULL, AV_LOG_ERROR, "Maximum bigtree recursion level exceeded.\n");
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
|
||||
if (hc->current + 1 >= hc->length) {
|
||||
av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n");
|
||||
return AVERROR_INVALIDDATA;
|
||||
|
Loading…
Reference in New Issue
Block a user