[FFmpeg-cvslog] avformat/options_table: Set the default maximum number of streams to 1000

Michael Niedermayer git at videolan.org
Thu Jan 26 02:14:34 EET 2017


ffmpeg | branch: release/3.2 | Michael Niedermayer <michael at niedermayer.cc> | Sat Dec 10 20:15:12 2016 +0100| [3e3e095fc90306b56ed3496d2000676092c5bfb7] | committer: Michael Niedermayer

avformat/options_table: Set the default maximum number of streams to 1000

Fixes CVE-2016-9561, Note the security relevance of this is disputed as
running out of memory can happen with valid files

Suggested-by: Andreas Cadhalpun <andreas.cadhalpun at googlemail.com>
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun at googlemail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 30581c51e72a7a7ea1572c1c6039f6e4c590a55c)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e3e095fc90306b56ed3496d2000676092c5bfb7
---

 libavformat/options_table.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/options_table.h b/libavformat/options_table.h
index d5448e5..a537dda 100644
--- a/libavformat/options_table.h
+++ b/libavformat/options_table.h
@@ -105,7 +105,7 @@ static const AVOption avformat_options[] = {
 {"format_whitelist", "List of demuxers that are allowed to be used", OFFSET(format_whitelist), AV_OPT_TYPE_STRING, { .str = NULL },  CHAR_MIN, CHAR_MAX, D },
 {"protocol_whitelist", "List of protocols that are allowed to be used", OFFSET(protocol_whitelist), AV_OPT_TYPE_STRING, { .str = NULL },  CHAR_MIN, CHAR_MAX, D },
 {"protocol_blacklist", "List of protocols that are not allowed to be used", OFFSET(protocol_blacklist), AV_OPT_TYPE_STRING, { .str = NULL },  CHAR_MIN, CHAR_MAX, D },
-{"max_streams", "maximum number of streams", OFFSET(max_streams), AV_OPT_TYPE_INT, { .i64 = INT_MAX }, 0, INT_MAX, D },
+{"max_streams", "maximum number of streams", OFFSET(max_streams), AV_OPT_TYPE_INT, { .i64 = 1000 }, 0, INT_MAX, D },
 {NULL},
 };
 



More information about the ffmpeg-cvslog mailing list