From 0c0fd063ddef7ae3b97e7d9eac57acefee994d0c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 1 Jul 2010 00:09:08 +0000 Subject: [PATCH] Prevent infinite recursion of odml indexes. This fixes a stack overflow. Originally committed as revision 23925 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavformat/avidec.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 485c4eb93a..7dc528abd1 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -61,6 +61,8 @@ typedef struct { int non_interleaved; int stream_index; DVDemuxContext* dv_demux; + int odml_depth; +#define MAX_ODML_DEPTH 1000 } AVIContext; static const char avi_headers[][8] = { @@ -190,8 +192,15 @@ static int read_braindead_odml_indx(AVFormatContext *s, int frame_num){ pos = url_ftell(pb); + if(avi->odml_depth > MAX_ODML_DEPTH){ + av_log(s, AV_LOG_ERROR, "Too deeply nested ODML indexes\n"); + return -1; + } + url_fseek(pb, offset+8, SEEK_SET); + avi->odml_depth++; read_braindead_odml_indx(s, frame_num); + avi->odml_depth--; frame_num += duration; url_fseek(pb, pos, SEEK_SET);