This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/6.1 in repository ffmpeg.
commit ff89883273a9ec8e9a18d3b9329f93c07c6b9d09 Author: Michael Niedermayer <[email protected]> AuthorDate: Thu Jan 22 21:11:34 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 17:13:19 2026 +0200 fftools/ffmpeg_opt: limit recursion of presets Fixes: stack overflow This should have limited security impact as it requires access to arbitrary options. Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 0833dd3665baede81ae700ae7e04a7c5143984af) Signed-off-by: Michael Niedermayer <[email protected]> --- fftools/ffmpeg.h | 2 ++ fftools/ffmpeg_opt.c | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/fftools/ffmpeg.h b/fftools/ffmpeg.h index 25604e05a5..4066dbeaf7 100644 --- a/fftools/ffmpeg.h +++ b/fftools/ffmpeg.h @@ -282,6 +282,8 @@ typedef struct OptionsContext { int nb_enc_stats_post_fmt; SpecifierOpt *mux_stats_fmt; int nb_mux_stats_fmt; + + int depth; } OptionsContext; typedef struct InputFilter { diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c index 304471dd03..02a1d017ff 100644 --- a/fftools/ffmpeg_opt.c +++ b/fftools/ffmpeg_opt.c @@ -1015,6 +1015,12 @@ static int opt_preset(void *optctx, const char *opt, const char *arg) char filename[1000], line[1000], tmp_line[1000]; const char *codec_name = NULL; int ret = 0; + int depth = o->depth; + + if (depth > 2) { + av_log(NULL, AV_LOG_ERROR, "too deep recursion\n"); + return AVERROR(EINVAL); + } tmp_line[0] = *opt; tmp_line[1] = 0; @@ -1028,6 +1034,7 @@ static int opt_preset(void *optctx, const char *opt, const char *arg) return AVERROR(ENOENT); } + o->depth ++; while (fgets(line, sizeof(line), f)) { char *key = tmp_line, *value, *endptr; @@ -1055,6 +1062,7 @@ static int opt_preset(void *optctx, const char *opt, const char *arg) } fail: + o->depth = depth; fclose(f); return ret; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
