This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/5.1 in repository ffmpeg.
commit fa7b9317f1d949b156a70979f37da796ef7e4721 Author: Michael Niedermayer <[email protected]> AuthorDate: Thu Jan 22 21:11:34 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 15:21:03 2026 +0200 fftools/ffmpeg_opt: limit recursion of presets Fixes: stack overflow This should have limited security impact as it requires access to arbitrary options. Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 0833dd3665baede81ae700ae7e04a7c5143984af) Signed-off-by: Michael Niedermayer <[email protected]> --- fftools/ffmpeg.h | 3 +++ fftools/ffmpeg_opt.c | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/fftools/ffmpeg.h b/fftools/ffmpeg.h index 391a35cf50..94447147f4 100644 --- a/fftools/ffmpeg.h +++ b/fftools/ffmpeg.h @@ -237,6 +237,9 @@ typedef struct OptionsContext { int nb_autoscale; SpecifierOpt *bits_per_raw_sample; int nb_bits_per_raw_sample; + + + int depth; } OptionsContext; typedef struct InputFilter { diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c index 65b4cc3cd8..7a4b5fed72 100644 --- a/fftools/ffmpeg_opt.c +++ b/fftools/ffmpeg_opt.c @@ -3267,6 +3267,12 @@ static int opt_preset(void *optctx, const char *opt, const char *arg) FILE *f=NULL; char filename[1000], line[1000], tmp_line[1000]; const char *codec_name = NULL; + int depth = o->depth; + + if (depth > 2) { + av_log(NULL, AV_LOG_ERROR, "too deep recursion\n"); + return AVERROR(EINVAL); + } tmp_line[0] = *opt; tmp_line[1] = 0; @@ -3280,6 +3286,7 @@ static int opt_preset(void *optctx, const char *opt, const char *arg) exit_program(1); } + o->depth ++; while (fgets(line, sizeof(line), f)) { char *key = tmp_line, *value, *endptr; @@ -3304,6 +3311,7 @@ static int opt_preset(void *optctx, const char *opt, const char *arg) } } + o->depth = depth; fclose(f); return 0; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
