On 10.12.2016 20:15, Michael Niedermayer wrote:
> Fixes CVE-2016-9561
I think the commit message should mention that the security relevance of
this is disputed, as running out of memory can happen with valid files.
> Suggested-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> ---
> libavformat/options_table.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/options_table.h b/libavformat/options_table.h
> index d5448e503f..a537dda95e 100644
> --- a/libavformat/options_table.h
> +++ b/libavformat/options_table.h
> @@ -105,7 +105,7 @@ static const AVOption avformat_options[] = {
> {"format_whitelist", "List of demuxers that are allowed to be used",
> OFFSET(format_whitelist), AV_OPT_TYPE_STRING, { .str = NULL }, CHAR_MIN,
> CHAR_MAX, D },
> {"protocol_whitelist", "List of protocols that are allowed to be used",
> OFFSET(protocol_whitelist), AV_OPT_TYPE_STRING, { .str = NULL }, CHAR_MIN,
> CHAR_MAX, D },
> {"protocol_blacklist", "List of protocols that are not allowed to be used",
> OFFSET(protocol_blacklist), AV_OPT_TYPE_STRING, { .str = NULL }, CHAR_MIN,
> CHAR_MAX, D },
> -{"max_streams", "maximum number of streams", OFFSET(max_streams),
> AV_OPT_TYPE_INT, { .i64 = INT_MAX }, 0, INT_MAX, D },
> +{"max_streams", "maximum number of streams", OFFSET(max_streams),
> AV_OPT_TYPE_INT, { .i64 = 1000 }, 0, INT_MAX, D },
> {NULL},
> };
The change itself looks good to me.
Best regards,
Andreas
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
