mirror of
https://mirror.skon.top/https://github.com/FFmpeg/FFmpeg
synced 2026-04-20 21:00:41 +08:00
fftools/ffmpeg_opt: limit recursion of presets
Fixes: stack overflow This should have limited security impact as it requires access to arbitrary options. Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
committed by
michaelni
parent
1fd128ef3a
commit
0833dd3665
@@ -258,6 +258,8 @@ typedef struct OptionsContext {
|
||||
SpecifierOptList enc_stats_pre_fmt;
|
||||
SpecifierOptList enc_stats_post_fmt;
|
||||
SpecifierOptList mux_stats_fmt;
|
||||
|
||||
int depth;
|
||||
} OptionsContext;
|
||||
|
||||
enum IFilterFlags {
|
||||
|
||||
@@ -1110,6 +1110,12 @@ static int opt_preset(void *optctx, const char *opt, const char *arg)
|
||||
char filename[1000], line[1000], tmp_line[1000];
|
||||
const char *codec_name = NULL;
|
||||
int ret = 0;
|
||||
int depth = o->depth;
|
||||
|
||||
if (depth > 2) {
|
||||
av_log(NULL, AV_LOG_ERROR, "too deep recursion\n");
|
||||
return AVERROR(EINVAL);
|
||||
}
|
||||
|
||||
codec_name = opt_match_per_type_str(&o->codec_names, *opt);
|
||||
|
||||
@@ -1121,6 +1127,7 @@ static int opt_preset(void *optctx, const char *opt, const char *arg)
|
||||
return AVERROR(ENOENT);
|
||||
}
|
||||
|
||||
o->depth ++;
|
||||
while (fgets(line, sizeof(line), f)) {
|
||||
char *key = tmp_line, *value, *endptr;
|
||||
|
||||
@@ -1149,6 +1156,7 @@ static int opt_preset(void *optctx, const char *opt, const char *arg)
|
||||
}
|
||||
|
||||
fail:
|
||||
o->depth = depth;
|
||||
fclose(f);
|
||||
|
||||
return ret;
|
||||
|
||||
Reference in New Issue
Block a user