On 03/03/16 01:23, Vittorio Giovara wrote: > On Tue, Feb 9, 2016 at 5:45 PM, Luca Barbato <[email protected]> wrote: >> On 09/02/16 23:23, Vittorio Giovara wrote: >>> From: Michael Niedermayer <[email protected]> >>> >>> Fixes call stack overflow >>> Fixes: case1_call_stack_overflow.mp4 >>> Found-by: Michal Zalewski <[email protected]> >>> Signed-off-by: Michael Niedermayer <[email protected]> >>> --- >>> libavformat/isom.h | 1 + >>> libavformat/mov.c | 13 ++++++++++++- >>> 2 files changed, 13 insertions(+), 1 deletion(-) >>> >>> diff --git a/libavformat/isom.h b/libavformat/isom.h >>> index f8e398b..b4f0202 100644 >>> --- a/libavformat/isom.h >>> +++ b/libavformat/isom.h >>> @@ -190,6 +190,7 @@ typedef struct MOVContext { >>> int has_looked_for_mfra; >>> MOVFragmentIndex** fragment_index_data; >>> unsigned fragment_index_count; >>> + int atom_depth; >>> } MOVContext; >>> >>> int ff_mp4_read_descr_len(AVIOContext *pb); >>> diff --git a/libavformat/mov.c b/libavformat/mov.c >>> index 8bfe974..be2728c 100644 >>> --- a/libavformat/mov.c >>> +++ b/libavformat/mov.c >>> @@ -3412,6 +3412,12 @@ static int mov_read_default(MOVContext *c, >>> AVIOContext *pb, MOVAtom atom) >>> MOVAtom a; >>> int i; >>> >>> + if (c->atom_depth > 10) { >>> + av_log(c->fc, AV_LOG_ERROR, "Atoms too deeply nested\n"); >>> + return AVERROR_INVALIDDATA; >>> + } >> >> why 10? Is it the nesting limit specified somehow? >> >> I'm not against the general idea, but I'm not so keen in having possibly >> valid/borderline files unreadable just because something got nested 11 >> level deep. > > So what is the definite idea for this patch? >
Derek suggested to provide a default that is sort of safe (42?) and have it as option since nothing in the specification prevents from nesting as much as you like. lu _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
