Mercurial > libavformat.hg

changeset 6202:4fa881b244fa libavformat

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Prevent infinite recursion of odml indexes. This fixes a stack overflow.
author michael
date Thu, 01 Jul 2010 00:09:08 +0000
parents f5cb0b79f58c
children 24d0c5dec55a
files avidec.c
diffstat 1 files changed, 9 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/avidec.c	Wed Jun 30 23:01:44 2010 +0000
+++ b/avidec.c	Thu Jul 01 00:09:08 2010 +0000
@@ -61,6 +61,8 @@
     int non_interleaved;
     int stream_index;
     DVDemuxContext* dv_demux;
+    int odml_depth;
+#define MAX_ODML_DEPTH 1000
 } AVIContext;
 
 static const char avi_headers[][8] = {
@@ -190,8 +192,15 @@
 
             pos = url_ftell(pb);
 
+            if(avi->odml_depth > MAX_ODML_DEPTH){
+                av_log(s, AV_LOG_ERROR, "Too deeply nested ODML indexes\n");
+                return -1;
+            }
+
             url_fseek(pb, offset+8, SEEK_SET);
+            avi->odml_depth++;
             read_braindead_odml_indx(s, frame_num);
+            avi->odml_depth--;
             frame_num += duration;
 
             url_fseek(pb, pos, SEEK_SET);