[libav-devel] [PATCH] smacker: limit recursion depth of smacker_decode_bigtree

Andreas Cadhalpun Sat, 19 Nov 2016 05:29:55 -0800

This fixes segmentation faults due to stack-overflow caused by too deep
recursion.


Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
 libavcodec/smacker.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index b8a0c55..0fec7a3 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -184,8 +184,8 @@ static int smacker_decode_header_tree(SmackVContext *smk, 
GetBitContext *gb, int
     DBCtx ctx;
     int err = 0;
 
-    if(size >= UINT_MAX>>4){ // (((size + 3) >> 2) + 3) << 2 must not overflow
-        av_log(smk->avctx, AV_LOG_ERROR, "size too large\n");
+    if(size >= 10000){ // Larger sizes can cause segmentation faults due to 
too deep recursion.
+        av_log(smk->avctx, AV_LOG_ERROR, "size %d too large\n", size);
         return AVERROR_INVALIDDATA;
     }
 
-- 
2.10.2
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel

[libav-devel] [PATCH] smacker: limit recursion depth of smacker_decode_bigtree

Reply via email to