[FFmpeg-cvslog] Merge commit '0ccddbad200c1d9439c5a836501917d515cddf76'
James Almer
git at videolan.org
Sun Nov 12 06:14:07 EET 2017
ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Sun Nov 12 01:13:07 2017 -0300| [d2ad6f11920e972d0ef53121f74d9e25a3eb4304] | committer: James Almer
Merge commit '0ccddbad200c1d9439c5a836501917d515cddf76'
* commit '0ccddbad200c1d9439c5a836501917d515cddf76':
smacker: limit recursion depth of smacker_decode_bigtree
See 946ecd19ea752399bccc751c9339ff74b815587e
Merged-by: James Almer <jamrial at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d2ad6f11920e972d0ef53121f74d9e25a3eb4304
---
libavcodec/smacker.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index 2077dde4a1..61e316916b 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -44,6 +44,7 @@
#define SMK_NODE 0x80000000
#define SMKTREE_DECODE_MAX_RECURSION 32
+#define SMKTREE_DECODE_BIG_MAX_RECURSION 500
typedef struct SmackVContext {
AVCodecContext *avctx;
@@ -131,12 +132,15 @@ static int smacker_decode_tree(GetBitContext *gb, HuffContext *hc, uint32_t pref
/**
* Decode header tree
*/
-static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx, int length)
+static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc,
+ DBCtx *ctx, int length)
{
- if(length > 500) { // Larger length can cause segmentation faults due to too deep recursion.
- av_log(NULL, AV_LOG_ERROR, "length too long\n");
+ // Larger length can cause segmentation faults due to too deep recursion.
+ if (length > SMKTREE_DECODE_BIG_MAX_RECURSION) {
+ av_log(NULL, AV_LOG_ERROR, "Maximum bigtree recursion level exceeded.\n");
return AVERROR_INVALIDDATA;
}
+
if (hc->current + 1 >= hc->length) {
av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n");
return AVERROR_INVALIDDATA;
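Review bot: The guard at the top of smacker_decode_bigtree compares `length` against SMKTREE_DECODE_BIG_MAX_RECURSION, but nothing in the visible lines says that `length` is the recursion depth rather than a bit or byte count, and the Doxygen block above still reads only "Decode header tree". I would document the parameter, for example `@param length current recursion depth, incremented on each nested call`; this is inferred from the macro name, and the recursive calls lie outside this hunk, so confirm it against the rest of the function. The value 500 is carried over unchanged from the old literal and is not tied to any stack budget, so a one-line comment on the `#define` stating which per-frame or thread stack size it assumes would help anyone running the decoder on small-stack threads, given that the tree shape comes from the input file. Both messages still go through `av_log(NULL, ...)`, which leaves the error unattributed to a decoder instance; passing a logging context would need a signature change and is probably a separate patch. The same lines appear again in the combined diff further down the page.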
======================================================================
diff --cc libavcodec/smacker.c
index 2077dde4a1,636e3b48e3..61e316916b
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@@ -42,8 -42,9 +42,9 @@@
#define SMKTREE_BITS 9
#define SMK_NODE 0x80000000
+
#define SMKTREE_DECODE_MAX_RECURSION 32
+ #define SMKTREE_DECODE_BIG_MAX_RECURSION 500
typedef struct SmackVContext {
AVCodecContext *avctx;
@@@ -131,12 -133,15 +132,15 @@@ static int smacker_decode_tree(GetBitCo
/**
* Decode header tree
*/
- static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx, int length)
-static int smacker_decode_bigtree(BitstreamContext *bc, HuffContext *hc,
++static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc,
+ DBCtx *ctx, int length)
{
- if(length > 500) { // Larger length can cause segmentation faults due to too deep recursion.
- av_log(NULL, AV_LOG_ERROR, "length too long\n");
+ // Larger length can cause segmentation faults due to too deep recursion.
+ if (length > SMKTREE_DECODE_BIG_MAX_RECURSION) {
+ av_log(NULL, AV_LOG_ERROR, "Maximum bigtree recursion level exceeded.\n");
return AVERROR_INVALIDDATA;
}
+
if (hc->current + 1 >= hc->length) {
av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n");
return AVERROR_INVALIDDATA;