[FFmpeg-devel] [PATCH 1/2] avformat/options_table: Set the default maximum number of streams to 1000
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Tue Dec 13 01:33:09 EET 2016
On 10.12.2016 20:15, Michael Niedermayer wrote:
> Fixes CVE-2016-9561
I think the commit message should mention that the security relevance of
this is disputed, as running out of memory can happen with valid files.
> Suggested-by: Andreas Cadhalpun <andreas.cadhalpun at googlemail.com>
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/options_table.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/options_table.h b/libavformat/options_table.h
> index d5448e503f..a537dda95e 100644
> --- a/libavformat/options_table.h
> +++ b/libavformat/options_table.h
> @@ -105,7 +105,7 @@ static const AVOption avformat_options[] = {
> {"format_whitelist", "List of demuxers that are allowed to be used", OFFSET(format_whitelist), AV_OPT_TYPE_STRING, { .str = NULL }, CHAR_MIN, CHAR_MAX, D },
> {"protocol_whitelist", "List of protocols that are allowed to be used", OFFSET(protocol_whitelist), AV_OPT_TYPE_STRING, { .str = NULL }, CHAR_MIN, CHAR_MAX, D },
> {"protocol_blacklist", "List of protocols that are not allowed to be used", OFFSET(protocol_blacklist), AV_OPT_TYPE_STRING, { .str = NULL }, CHAR_MIN, CHAR_MAX, D },
> -{"max_streams", "maximum number of streams", OFFSET(max_streams), AV_OPT_TYPE_INT, { .i64 = INT_MAX }, 0, INT_MAX, D },
> +{"max_streams", "maximum number of streams", OFFSET(max_streams), AV_OPT_TYPE_INT, { .i64 = 1000 }, 0, INT_MAX, D },
> {NULL},
> };
The change itself looks good to me.
Best regards,
Andreas
More information about the ffmpeg-devel
mailing list