authorwm4 <nfxjfg@googlemail.com>2015-01-10 18:00:08 +0100
committerAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>2015-11-26 01:37:52 +0100
commit22dbde85e7ffd54c9260d528eab069ff55e271c6 (patch)
treecf51b8347eecc8aa087593e9b013106a76ebb808
parent11579f7e4e9914a49a44c6f41468f9f017659be3 (diff)
vp9: avoid infinite loop with broken files
With a certain fuzzed file, the parser will always return 0 consumed bytes, which makes calling code call the parser infinitely. Return the full packet size on error instead. (Here it would be nice if parsers could return errors at all.) Additionally, _if_ there's some data left, return that too, which might help with somewhat broken but still somehow playable files. Fixes ticket #4242. Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 09b4ad15681be197fff8c57ce7c988a4718d6e03) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
-rw-r--r--libavcodec/vp9_parser.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
index 922f36f381..b188785456 100644
--- a/libavcodec/vp9_parser.c
+++ b/libavcodec/vp9_parser.c
@@ -43,6 +43,7 @@ static int parse(AVCodecParserContext *ctx,
const uint8_t *data, int size)
{
VP9ParseContext *s = ctx->priv_data;
+ int full_size = size;
int marker;
if (size <= 0) {
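Review bot: `full_size` is declared without a comment, so the reason for keeping a second copy of `size` is only recoverable from the commit message. A comment on the declaration such as `/* size of the whole input packet; the error path must report all of it as consumed so the caller always makes progress */` would keep the intent next to the code. The progress guarantee also relies on `full_size` being non-zero, which presumably follows from the `if (size <= 0)` guard returning early; that guard's body and the rest of parse() lie outside this hunk, so this should be confirmed there.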
@@ -77,12 +78,12 @@ static int parse(AVCodecParserContext *ctx,
idx += a; \
if (sz > size) { \
s->n_frames = 0; \
- *out_size = 0; \
+ *out_size = size; \
*out_data = data; \
av_log(avctx, AV_LOG_ERROR, \
"Superframe packet size too big: %u > %d\n", \
sz, size); \
- return size; \
+ return full_size; \
} \
if (first) { \
first = 0; \
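Review bot: The error branch in `case_n` sets `*out_data = data` and `*out_size = size` unconditionally. When the oversized entry is not the first one in the index, the output chosen under `if (first)` in an earlier iteration therefore appears to be overwritten, and only the unparsed tail is handed on. That tail has already failed the superframe size check and presumably still carries the index bytes, so the decoder receives data known to be malformed and has to validate it on its own. A comment on the branch, for example `/* best effort: emit the remaining bytes as one frame; sub-frames already split off from this packet are dropped */`, would make the choice explicit, and the fuzzed sample from ticket #4242 is worth keeping as a regression test for the no-progress case. The loop and the macro body start and end outside the hunk, so whether `data` and `size` are advanced between iterations should be checked there.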