From 0c0fd063ddef7ae3b97e7d9eac57acefee994d0c Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Thu, 1 Jul 2010 00:09:08 +0000
Subject: [PATCH] Prevent infinite recursion of odml indexes. This fixes a
 stack overflow.

Originally committed as revision 23925 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/avidec.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 485c4eb93ab..7dc528abd1d 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -61,6 +61,8 @@ typedef struct {
     int non_interleaved;
     int stream_index;
     DVDemuxContext* dv_demux;
+    int odml_depth;
+#define MAX_ODML_DEPTH 1000
 } AVIContext;
 
 static const char avi_headers[][8] = {
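Review bot: `#define MAX_ODML_DEPTH 1000` is placed inside the AVIContext struct body, where it reads like a member even though a macro has file scope; it would be clearer directly above the typedef. The new field is also undocumented; a comment such as `int odml_depth; /* current nesting level of read_braindead_odml_indx() */` would tell a reader that it is a recursion counter which has to be balanced on every return path. Whether 1000 nested calls fit the stack on every target depends on the frame size of that function, which is not visible here, so a short comment justifying the value would help.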
@@ -190,8 +192,15 @@ static int read_braindead_odml_indx(AVFormatContext *s, int frame_num){
 
             pos = url_ftell(pb);
 
+            if(avi->odml_depth > MAX_ODML_DEPTH){
+                av_log(s, AV_LOG_ERROR, "Too deeply nested ODML indexes\n");
+                return -1;
+            }
+
             url_fseek(pb, offset+8, SEEK_SET);
+            avi->odml_depth++;
             read_braindead_odml_indx(s, frame_num);
+            avi->odml_depth--;
             frame_num += duration;
 
             url_fseek(pb, pos, SEEK_SET);
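Review bot: The result of the recursive `read_braindead_odml_indx(s, frame_num);` call is still discarded, so the new `return -1` from the depth check stops only the innermost call. Each outer level then continues with its remaining entries and descends again, so depth is bounded but the total work on a self-referencing index is not obviously bounded. Consider propagating the failure while keeping the counter balanced, e.g. `if(read_braindead_odml_indx(s, frame_num) < 0){ avi->odml_depth--; return -1; }`. If keeping a partially read index is intentional, a comment saying so would help. The function starts and ends outside this hunk, so how its callers treat the return value is not visible here.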
-- 
GitLab