ffmpeg/FFmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2024-09-19 21:06:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge commit '0ccddbad200c1d9439c5a836501917d515cddf76'

Browse Source 
* commit '0ccddbad200c1d9439c5a836501917d515cddf76':
  smacker: limit recursion depth of smacker_decode_bigtree

See 946ecd19ea

Merged-by: James Almer <jamrial@gmail.com>
This commit is contained in:
James Almer 2017-11-12 01:13:07 -03:00
commit d2ad6f1192
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libavcodec/smacker.c
View File

@ -44,6 +44,7 @@
#define SMK_NODE 0x80000000
#define SMKTREE_DECODE_MAX_RECURSION 32
#define SMKTREE_DECODE_BIG_MAX_RECURSION 500
typedef struct SmackVContext {
AVCodecContext *avctx;
@ -131,12 +132,15 @@ static int smacker_decode_tree(GetBitContext *gb, HuffContext *hc, uint32_t pref
/**
* Decode header tree
*/
static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx, int length)
static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc,
DBCtx *ctx, int length)
{
if(length > 500) { // Larger length can cause segmentation faults due to too deep recursion.
av_log(NULL, AV_LOG_ERROR, "length too long\n");
// Larger length can cause segmentation faults due to too deep recursion.
if (length > SMKTREE_DECODE_BIG_MAX_RECURSION) {
av_log(NULL, AV_LOG_ERROR, "Maximum bigtree recursion level exceeded.\n");
return AVERROR_INVALIDDATA;
}
if (hc->current + 1 >= hc->length) {
av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n");
return AVERROR_INVALIDDATA;