github-mirrors/FFmpeg
1
0
Fork 0
mirror of https://mirror.skon.top/https://github.com/FFmpeg/FFmpeg synced 2026-04-20 21:00:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

fftools/ffmpeg_opt: limit recursion of presets

Browse Source 
Fixes: stack overflow

This should have limited security impact as it requires access to arbitrary
options.

Found-by: Zhenpeng (Leo) Lin from depthfirst
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2026-01-22 21:11:34 +01:00
committed by michaelni
parent 1fd128ef3a
commit 0833dd3665
2 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fftools/ffmpeg.h
View File

@@ -258,6 +258,8 @@ typedef struct OptionsContext {
SpecifierOptList enc_stats_pre_fmt;
SpecifierOptList enc_stats_post_fmt;
SpecifierOptList mux_stats_fmt;
int depth;
} OptionsContext;
enum IFilterFlags {

8
fftools/ffmpeg_opt.c
View File

@@ -1110,6 +1110,12 @@ static int opt_preset(void *optctx, const char *opt, const char *arg)
char filename[1000], line[1000], tmp_line[1000];
const char *codec_name = NULL;
int ret = 0;
int depth = o->depth;
if (depth > 2) {
av_log(NULL, AV_LOG_ERROR, "too deep recursion\n");
return AVERROR(EINVAL);
}
codec_name = opt_match_per_type_str(&o->codec_names, *opt);
@@ -1121,6 +1127,7 @@ static int opt_preset(void *optctx, const char *opt, const char *arg)
return AVERROR(ENOENT);
}
o->depth ++;
while (fgets(line, sizeof(line), f)) {
char *key = tmp_line, *value, *endptr;
@@ -1149,6 +1156,7 @@ static int opt_preset(void *optctx, const char *opt, const char *arg)
}
fail:
o->depth = depth;
fclose(f);
return ret;