aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2010-07-01 00:09:08 +0000
committerMichael Niedermayer <michaelni@gmx.at>2010-07-01 00:09:08 +0000
commit0c0fd063ddef7ae3b97e7d9eac57acefee994d0c (patch)
treee418b615bc27e7e403ad06509995d6d3e461bd77
parent4148855ee4f3506cc1f7341f688e5fa260a017d4 (diff)
downloadffmpeg-0c0fd063ddef7ae3b97e7d9eac57acefee994d0c.tar.gz
Prevent infinite recursion of odml indexes.
This fixes a stack overflow. Originally committed as revision 23925 to svn://svn.ffmpeg.org/ffmpeg/trunk
-rw-r--r--libavformat/avidec.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 485c4eb93a..7dc528abd1 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -61,6 +61,8 @@ typedef struct {
int non_interleaved;
int stream_index;
DVDemuxContext* dv_demux;
+ int odml_depth;
+#define MAX_ODML_DEPTH 1000
} AVIContext;
static const char avi_headers[][8] = {
@@ -190,8 +192,15 @@ static int read_braindead_odml_indx(AVFormatContext *s, int frame_num){
pos = url_ftell(pb);
+ if(avi->odml_depth > MAX_ODML_DEPTH){
+ av_log(s, AV_LOG_ERROR, "Too deeply nested ODML indexes\n");
+ return -1;
+ }
+
url_fseek(pb, offset+8, SEEK_SET);
+ avi->odml_depth++;
read_braindead_odml_indx(s, frame_num);
+ avi->odml_depth--;
frame_num += duration;
url_fseek(pb, pos, SEEK_SET);