To: ffmpeg-devel@ffmpeg.org
Date: Fri, 23 Jan 2026 02:42:57 -0000
Message-ID: <176913617858.25.16327408458178140790@4457048688e7>
Reply-To: FFmpeg development discussions and patches
Subject: [FFmpeg-devel] [PR] fftools/ffmpeg_opt: limit recursion of presets (PR #21549)
From: michaelni via ffmpeg-devel
Cc: michaelni

PR #21549 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549.patch

Fixes: stack overflow

This should have limited security impact as it requires access to arbitrary options.

Found-by: Zhenpeng (Leo) Lin from depthfirst
Signed-off-by: Michael Niedermayer


From 83e850020f16fe95556d802dbf981ee8305050e6 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Thu, 22 Jan 2026 21:11:34 +0100
Subject: [PATCH] fftools/ffmpeg_opt: limit recursion of presets

Fixes: stack overflow

This should have limited security impact as it requires access to arbitrary options.

Found-by: Zhenpeng (Leo) Lin from depthfirst
Signed-off-by: Michael Niedermayer
---
 fftools/ffmpeg.h | 2 ++
 fftools/ffmpeg_opt.c | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/fftools/ffmpeg.h b/fftools/ffmpeg.h index 7720dd9c59..4d109fc015 100644 --- a/fftools/ffmpeg.h +++ b/fftools/ffmpeg.h
@@ -258,6 +258,8 @@ typedef struct OptionsContext { SpecifierOptList enc_stats_pre_fmt; SpecifierOptList enc_stats_post_fmt; SpecifierOptList mux_stats_fmt; + + int depth; } OptionsContext; enum IFilterFlags { diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c index 80bb9236af..32d6b951f6 100644 --- a/fftools/ffmpeg_opt.c +++ b/fftools/ffmpeg_opt.c @@ -1110,6 +1110,12 @@ static int opt_preset(void *optctx, const char *opt, const char *arg) char filename[1000], line[1000], tmp_line[1000]; const char *codec_name = NULL; int ret = 0; + int depth = o->depth; + + if (depth > 2) { + av_log(NULL, AV_LOG_ERROR, "too deep recursion\n"); + return AVERROR(EINVAL); + } codec_name = opt_match_per_type_str(&o->codec_names, *opt); @@ -1121,6 +1127,7 @@ static int opt_preset(void *optctx, const char *opt, const char *arg) return AVERROR(ENOENT); } + o->depth ++; while (fgets(line, sizeof(line), f)) { char *key = tmp_line, *value, *endptr; @@ -1149,6 +1156,7 @@ static int opt_preset(void *optctx, const char *opt, const char *arg) } fail: + o->depth = depth; fclose(f); return ret; -- 2.52.0
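
Review bot: the new `int depth;` member in the fftools/ffmpeg.h hunk (@@ -258,6 +258,8 @@) is undocumented and its name does not say what is being counted, while it sits in OptionsContext next to the `SpecifierOptList` option members. Please add a one-line comment stating that it is the current nesting level of opt_preset(), and consider a name such as `preset_depth`. The patch also shows no initialisation for the field, so the check in opt_preset() depends on OptionsContext being zeroed when it is set up; that is worth confirming and saying in the comment.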
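
Review bot: the limit in the first fftools/ffmpeg_opt.c hunk (@@ -1110,6 +1110,12 @@) is a bare literal, `if (depth > 2)`, with no explanation of why 2 was chosen. Because the test runs before the increment, calls at depth 0, 1 and 2 proceed and the fourth nested call is the one rejected; a named constant with a short comment would make that intended bound explicit. The context line `char filename[1000], line[1000], tmp_line[1000];` shows roughly 3000 bytes of buffers per call, which is the stack cost the limit bounds and would be useful to mention there. The error text "too deep recursion\n" names neither the preset nor the limit; including `arg` would let a user find the preset file that nests too deeply.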
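
Review bot: the restore `o->depth = depth;` in the last fftools/ffmpeg_opt.c hunk (@@ -1149,6 +1156,7 @@) only runs on paths that reach the `fail:` label, so any `return` between `o->depth ++;` and `fail:` would leave the counter raised for later presets on the same OptionsContext. The two early returns visible in the patch (the new `AVERROR(EINVAL)` and the existing `AVERROR(ENOENT)`) both happen before the increment, which is correct, but the body of the `while (fgets(...))` loop is not shown; please confirm that every error exit inside it uses `goto fail`. Minor style point in the @@ -1121,6 +1127,7 @@ hunk: `o->depth ++;` has a space before the operator, `o->depth++;` is the usual form.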