Merge commit '0ccddbad200c1d9439c5a836501917d515cddf76'

* commit '0ccddbad200c1d9439c5a836501917d515cddf76':
  smacker: limit recursion depth of smacker_decode_bigtree

See 946ecd19ea752399bccc751c9339ff74b815587e

Merged-by: James Almer <jamrial@gmail.com>

1 files changed, 7 insertions, 3 deletions

diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index 2077dde4a1..61e316916b 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -44,6 +44,7 @@
 #define SMK_NODE 0x80000000
 
 #define SMKTREE_DECODE_MAX_RECURSION 32
+#define SMKTREE_DECODE_BIG_MAX_RECURSION 500
 
 typedef struct SmackVContext {
     AVCodecContext *avctx;
@@ -131,12 +132,15 @@ static int smacker_decode_tree(GetBitContext *gb, HuffContext *hc, uint32_t pref
 /**
  * Decode header tree
  */
-static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx, int length)
+static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc,
+                                  DBCtx *ctx, int length)
 {
-    if(length > 500) { // Larger length can cause segmentation faults due to too deep recursion.
-        av_log(NULL, AV_LOG_ERROR, "length too long\n");
+    // Larger length can cause segmentation faults due to too deep recursion.
+    if (length > SMKTREE_DECODE_BIG_MAX_RECURSION) {
+        av_log(NULL, AV_LOG_ERROR, "Maximum bigtree recursion level exceeded.\n");
         return AVERROR_INVALIDDATA;
     }
+
     if (hc->current + 1 >= hc->length) {
         av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n");
         return AVERROR_INVALIDDATA;