diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2011-12-29 21:26:30 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-01-03 22:43:02 +0100 |
| commit | 0064fcb486cc29a9bc60a52245a3802d363df85b (patch) | |
| tree | 7f4d4a69c8f92c3732f981850773c8a48fcc3103 | |
| parent | a4269652ab831456c77dad3bc59f116f50e6c6f0 (diff) | |
| download | ffmpeg-0064fcb486cc29a9bc60a52245a3802d363df85b.tar.gz | |
mlp_parser: Fix infinite loop with 0 bytes_left.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e146ad95d79b1a6e6b9e566366b832825c79679f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/mlp_parser.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/mlp_parser.c b/libavcodec/mlp_parser.c index 4ceea5e9e1..f31e2d5727 100644 --- a/libavcodec/mlp_parser.c +++ b/libavcodec/mlp_parser.c @@ -263,6 +263,9 @@ static int mlp_parse(AVCodecParserContext *s, mp->bytes_left = ((mp->pc.index > 0 ? mp->pc.buffer[0] : buf[0]) << 8) | (mp->pc.index > 1 ? mp->pc.buffer[1] : buf[1-mp->pc.index]); mp->bytes_left = (mp->bytes_left & 0xfff) * 2; + if (mp->bytes_left <= 0) { // prevent infinite loop + goto lost_sync; + } mp->bytes_left -= mp->pc.index; } |