[FFmpeg-cvslog] vp9: avoid infinite loop with broken files
wm4 git at videolan.org
Thu Nov 26 01:54:05 CET 2015

ffmpeg | branch: release/2.4 | wm4 <nfxjfg at googlemail.com> | Sat Jan 10 18:00:08 2015 +0100| [f3e33608a5d65bec0cb303641e066681b69f3131] | committer: Andreas Cadhalpun

vp9: avoid infinite loop with broken files

With a certain fuzzed file, the parser will always return 0 consumed
bytes, which makes calling code call the parser infinitely. Return the
full packet size on error instead. (Here it would be nice if parsers
could return errors at all.)

Additionally, _if_ there's some data left, return that too, which might
help with somewhat broken but still somehow playable files.

Fixes ticket #4242.

Reviewed-by: "Ronald S. Bultje" <rsbultje at gmail.com>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 09b4ad15681be197fff8c57ce7c988a4718d6e03)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f3e33608a5d65bec0cb303641e066681b69f3131
---
 libavcodec/vp9_parser.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
index 922f36f..b188785 100644
--- a/libavcodec/vp9_parser.c
+++ b/libavcodec/vp9_parser.c
@@ -43,6 +43,7 @@ static int parse(AVCodecParserContext *ctx,
                  const uint8_t *data, int size)
 {
     VP9ParseContext *s = ctx->priv_data;
+    int full_size = size;
     int marker;
 
     if (size <= 0) {
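Review bot: `int full_size = size;` is declared without any indication of why a second copy of `size` is needed. A short comment stating that it holds the original packet length, to be returned as the consumed byte count on the error path, would help, and declaring it `const int` would keep a later edit from modifying it by accident, assuming it is never meant to change after this point.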
@@ -77,12 +78,12 @@ static int parse(AVCodecParserContext *ctx,
                     idx += a; \
                     if (sz > size) { \
                         s->n_frames = 0; \
-                        *out_size = 0; \
+                        *out_size = size; \
                         *out_data = data; \
                         av_log(avctx, AV_LOG_ERROR, \
                                "Superframe packet size too big: %u > %d\n", \
                                sz, size); \
-                        return size; \
+                        return full_size; \
                     } \
                     if (first) { \
                         first = 0; \
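Review bot: On the `sz > size` error path, `*out_size = size` now hands the leftover bytes at `data` to the decoder right after the superframe index has been found inconsistent, so the decoder receives a frame known to be shorter than its declared `sz`. That matches the commit message, but it is only safe if `data` and `size` have been advanced together by this point in the macro, which the hunk does not show. A comment here noting that `size` is the number of bytes remaining at `data` while `full_size` is the whole packet would make the pairing of `*out_size = size` with `return full_size` easy to audit. Consider also printing `full_size` in the "Superframe packet size too big" message, so the log shows both the remaining and the total packet size.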
    
    