[FFmpeg-devel] [PATCH] smacker: limit recursion depth of smacker_decode_bigtree
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Sat Nov 19 15:29:35 EET 2016
This fixes segmentation faults due to stack-overflow caused by too deep
recursion.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
libavcodec/smacker.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index b8a0c55..0fec7a3 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -184,8 +184,8 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int
DBCtx ctx;
int err = 0;
- if(size >= UINT_MAX>>4){ // (((size + 3) >> 2) + 3) << 2 must not overflow
- av_log(smk->avctx, AV_LOG_ERROR, "size too large\n");
+ if(size >= 10000){ // Larger sizes can cause segmentation faults due to too deep recursion.
+ av_log(smk->avctx, AV_LOG_ERROR, "size %d too large\n", size);
return AVERROR_INVALIDDATA;
}
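Review bot: The new check `if(size >= 10000)` bounds the table size in smacker_decode_header_tree rather than the recursion depth of smacker_decode_bigtree that the subject names, so 10000 is a magic number whose safety depends on the stack available to the decoding thread, and it may also reject valid files with larger trees. Consider passing a depth counter into the recursive function and returning AVERROR_INVALIDDATA once it exceeds a named constant. Two smaller points on the same line: if size is a signed int, as the new %d suggests, the old comparison against UINT_MAX>>4 was carried out in unsigned arithmetic and therefore also rejected negative values, while the signed comparison against 10000 lets them through, so an explicit `size < 0` check is worth adding; and the removed comment about (((size + 3) >> 2) + 3) << 2 not overflowing documented an invariant that still holds and should stay next to the new one.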
--
2.10.2