From 30581c51e72a7a7ea1572c1c6039f6e4c590a55c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 10 Dec 2016 20:15:12 +0100 Subject: [PATCH] avformat/options_table: Set the default maximum number of streams to 1000 Fixes CVE-2016-9561, Note the security relevance of this is disputed as running out of memory can happen with valid files Suggested-by: Andreas Cadhalpun Reviewed-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer --- libavformat/options_table.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/options_table.h b/libavformat/options_table.h index d5448e503f..a537dda95e 100644 --- a/libavformat/options_table.h +++ b/libavformat/options_table.h @@ -105,7 +105,7 @@ static const AVOption avformat_options[] = { {"format_whitelist", "List of demuxers that are allowed to be used", OFFSET(format_whitelist), AV_OPT_TYPE_STRING, { .str = NULL }, CHAR_MIN, CHAR_MAX, D }, {"protocol_whitelist", "List of protocols that are allowed to be used", OFFSET(protocol_whitelist), AV_OPT_TYPE_STRING, { .str = NULL }, CHAR_MIN, CHAR_MAX, D }, {"protocol_blacklist", "List of protocols that are not allowed to be used", OFFSET(protocol_blacklist), AV_OPT_TYPE_STRING, { .str = NULL }, CHAR_MIN, CHAR_MAX, D }, -{"max_streams", "maximum number of streams", OFFSET(max_streams), AV_OPT_TYPE_INT, { .i64 = INT_MAX }, 0, INT_MAX, D }, +{"max_streams", "maximum number of streams", OFFSET(max_streams), AV_OPT_TYPE_INT, { .i64 = 1000 }, 0, INT_MAX, D }, {NULL}, };