diff options
author | James Almer <jamrial@gmail.com> | 2017-11-12 01:13:07 -0300 |
---|---|---|
committer | James Almer <jamrial@gmail.com> | 2017-11-12 01:13:07 -0300 |
commit | d2ad6f11920e972d0ef53121f74d9e25a3eb4304 (patch) | |
tree | 341086ecf1e45d663f8dffebe4fdc5e75418fcf1 /libavcodec/smacker.c | |
parent | b3e5899e475d02dc0730e9405b4c067c8c78d8f4 (diff) | |
parent | 0ccddbad200c1d9439c5a836501917d515cddf76 (diff) | |
download | ffmpeg-d2ad6f11920e972d0ef53121f74d9e25a3eb4304.tar.gz |
Merge commit '0ccddbad200c1d9439c5a836501917d515cddf76'
* commit '0ccddbad200c1d9439c5a836501917d515cddf76':
smacker: limit recursion depth of smacker_decode_bigtree
See 946ecd19ea752399bccc751c9339ff74b815587e
Merged-by: James Almer <jamrial@gmail.com>
Diffstat (limited to 'libavcodec/smacker.c')
-rw-r--r-- | libavcodec/smacker.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 2077dde4a1..61e316916b 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -44,6 +44,7 @@ #define SMK_NODE 0x80000000 #define SMKTREE_DECODE_MAX_RECURSION 32 +#define SMKTREE_DECODE_BIG_MAX_RECURSION 500 typedef struct SmackVContext { AVCodecContext *avctx; @@ -131,12 +132,15 @@ static int smacker_decode_tree(GetBitContext *gb, HuffContext *hc, uint32_t pref /** * Decode header tree */ -static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx, int length) +static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, + DBCtx *ctx, int length) { - if(length > 500) { // Larger length can cause segmentation faults due to too deep recursion. - av_log(NULL, AV_LOG_ERROR, "length too long\n"); + // Larger length can cause segmentation faults due to too deep recursion. + if (length > SMKTREE_DECODE_BIG_MAX_RECURSION) { + av_log(NULL, AV_LOG_ERROR, "Maximum bigtree recursion level exceeded.\n"); return AVERROR_INVALIDDATA; } + if (hc->current + 1 >= hc->length) { av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n"); return AVERROR_INVALIDDATA; |