diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2010-07-01 00:09:08 +0000 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2010-07-01 00:09:08 +0000 |
commit | 0c0fd063ddef7ae3b97e7d9eac57acefee994d0c (patch) | |
tree | e418b615bc27e7e403ad06509995d6d3e461bd77 | |
parent | 4148855ee4f3506cc1f7341f688e5fa260a017d4 (diff) | |
download | ffmpeg-0c0fd063ddef7ae3b97e7d9eac57acefee994d0c.tar.gz |
Prevent infinite recursion of odml indexes.
This fixes a stack overflow.
Originally committed as revision 23925 to svn://svn.ffmpeg.org/ffmpeg/trunk
-rw-r--r-- | libavformat/avidec.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 485c4eb93a..7dc528abd1 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -61,6 +61,8 @@ typedef struct { int non_interleaved; int stream_index; DVDemuxContext* dv_demux; + int odml_depth; +#define MAX_ODML_DEPTH 1000 } AVIContext; static const char avi_headers[][8] = { @@ -190,8 +192,15 @@ static int read_braindead_odml_indx(AVFormatContext *s, int frame_num){ pos = url_ftell(pb); + if(avi->odml_depth > MAX_ODML_DEPTH){ + av_log(s, AV_LOG_ERROR, "Too deeply nested ODML indexes\n"); + return -1; + } + url_fseek(pb, offset+8, SEEK_SET); + avi->odml_depth++; read_braindead_odml_indx(s, frame_num); + avi->odml_depth--; frame_num += duration; url_fseek(pb, pos, SEEK_SET); |