Wireshark-commits: [Wireshark-commits] master-2.2 f927769: mp4: limit the recursion depth for boxes
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f927769fdfb98097bb6a50ed26080cfbaee3ccf6
Submitter: Martin Kaiser (wireshark@xxxxxxxxx)
Changed: branch: master-2.2
Repository: wireshark
Commits:
f927769 by Martin Kaiser (wireshark@xxxxxxxxx):
mp4: limit the recursion depth for boxes
Although the dissection of each box header consumes a couple of bytes,
it turned out that it's still possible to crash wireshark with a sample
file that contains a large number of nested boxes. The stack will fill
up before we reach the end of the data bytes.
Keep track of the recursion depth as we walk through the hierarchy of
boxes. Abort if we reach the (locally defined) upper limit.
Bug: 13777
Change-Id: I0f67245a5c74131f10d0f9d99b39ad31711b9775
Reviewed-on: https://code.wireshark.org/review/26167
Reviewed-by: Martin Kaiser <wireshark@xxxxxxxxx>
Petri-Dish: Martin Kaiser <wireshark@xxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
(cherry picked from commit 620f69a74b18908e3424920c7bb01cb5e4cbd8b1)
Reviewed-on: https://code.wireshark.org/review/26205
Actions performed:
from c9ace2f Don't handle various "command to send" values in the default case.
adds f927769 mp4: limit the recursion depth for boxes
Summary of changes:
epan/dissectors/file-mp4.c | 69 +++++++++++++++++++++++++++++-----------------
1 file changed, 44 insertions(+), 25 deletions(-)