Message ID | 451af605-69ea-c944-9e1b-0fb67ae1abcf@googlemail.com |
---|---|
State | Superseded |
On Sat, Nov 19, 2016 at 02:29:35PM +0100, Andreas Cadhalpun wrote:
> This fixes segmentation faults due to stack-overflow caused by too deep
> recursion.
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> ---
>  libavcodec/smacker.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

breaks fate

    [smackvid @ 0x3586b80] size 31232 too large
    Input #0, smk, from 'fate/fate-suite//smacker/wetlogo.smk':
    Duration: 00:00:07.10, start: 0.000000, bitrate: 815 kb/s
    Stream #0:0: Video: smackvideo (SMK2 / 0x324B4D53), pal8, 320x200, 14.08 tbr, 14.08 tbn, 14.08 tbc
    Stream #0:1: Audio: smackaudio (SMKA / 0x414B4D53), 22050 Hz, mono, u8
    [smackvid @ 0x358b860] size 31232 too large
    Stream mapping:
    Stream #0:0 -> #0:0 (smackvideo (smackvid) -> rawvideo (native))
    Error while opening decoder for input stream #0:0 : Invalid data found when processing input
    make: *** [fate-smacker-video] Error 1

[...]
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index b8a0c55..0fec7a3 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -184,8 +184,8 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int DBCtx ctx; int err = 0; - if(size >= UINT_MAX>>4){ // (((size + 3) >> 2) + 3) << 2 must not overflow - av_log(smk->avctx, AV_LOG_ERROR, "size too large\n"); + if(size >= 10000){ // Larger sizes can cause segmentation faults due to too deep recursion. + av_log(smk->avctx, AV_LOG_ERROR, "size %d too large\n", size); return AVERROR_INVALIDDATA; }
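Review bot: the new `size >= 10000` bound in smacker_decode_header_tree is an arbitrary constant used as a proxy for recursion depth, and it rejects valid input: the FATE output quoted in the reply shows wetlogo.smk failing with "size 31232 too large". A cap on size does not bound the depth of the recursion directly, so any value low enough to be safe on a small stack can still refuse legitimate files. Consider keeping the original `UINT_MAX>>4` overflow check and its comment (the replacement comment drops the note that `(((size + 3) >> 2) + 3) << 2` must not overflow), and instead passing an explicit depth counter through the recursive tree decode and returning AVERROR_INVALIDDATA once it exceeds a documented, named limit. Printing the value in the log message is a useful addition; the declaration of size is not visible in this hunk, so confirm that `%d` matches its type.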
This fixes segmentation faults due to stack-overflow caused by too deep recursion.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavcodec/smacker.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)