On 09/02/16 23:23, Vittorio Giovara wrote: > From: Michael Niedermayer <michae...@gmx.at> > > Fixes call stack overflow > Fixes: case1_call_stack_overflow.mp4 > Found-by: Michal Zalewski <lcam...@coredump.cx> > Signed-off-by: Michael Niedermayer <michae...@gmx.at> > --- > libavformat/isom.h | 1 + > libavformat/mov.c | 13 ++++++++++++- > 2 files changed, 13 insertions(+), 1 deletion(-) > > diff --git a/libavformat/isom.h b/libavformat/isom.h > index f8e398b..b4f0202 100644 > --- a/libavformat/isom.h > +++ b/libavformat/isom.h > @@ -190,6 +190,7 @@ typedef struct MOVContext { > int has_looked_for_mfra; > MOVFragmentIndex** fragment_index_data; > unsigned fragment_index_count; > + int atom_depth; > } MOVContext; > > int ff_mp4_read_descr_len(AVIOContext *pb); > diff --git a/libavformat/mov.c b/libavformat/mov.c > index 8bfe974..be2728c 100644 > --- a/libavformat/mov.c > +++ b/libavformat/mov.c > @@ -3412,6 +3412,12 @@ static int mov_read_default(MOVContext *c, AVIOContext > *pb, MOVAtom atom) > MOVAtom a; > int i; > > + if (c->atom_depth > 10) { > + av_log(c->fc, AV_LOG_ERROR, "Atoms too deeply nested\n"); > + return AVERROR_INVALIDDATA; > + }
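Review bot: in the mov_read_default() hunk, the limit in `if (c->atom_depth > 10)` is a bare literal with no comment on where 10 comes from. Give it a named constant with a short comment explaining the choice, so it can be adjusted in one place if legitimate files turn out to nest deeper. The quoted part of the hunk shows only the check, so also confirm that `atom_depth` is decremented again on every return path of the recursion, error returns included; otherwise the counter drifts upward and later well-formed atoms are rejected. A one-line comment on the new `atom_depth` field in isom.h would help as well.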
Why 10? Is it the nesting limit specified somehow? I'm not against the general idea, but I'm not so keen on having possibly valid/borderline files unreadable just because something got nested 11 levels deep.

lu