[FFmpeg-cvslog] avcodec: Ignoring errors is only possible before the input end

Michael Niedermayer git at videolan.org
Sun Jun 18 15:29:53 EEST 2023 

ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sat Jun  3 21:44:37 2023 +0200| [fead656a7bf523d448fe8bd39c1f2ea36be98fb9] | committer: Michael Niedermayer

avcodec: Ignoring errors is only possible before the input end

Fixes: out of array read
Fixes: Ticket 10308

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fead656a7bf523d448fe8bd39c1f2ea36be98fb9
---

 libavcodec/h263dec.c       | 2 +-
 libavcodec/mpeg4videodec.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
index f4e7048a5f..68a618a7ed 100644
--- a/libavcodec/h263dec.c
+++ b/libavcodec/h263dec.c
@@ -281,7 +281,7 @@ static int decode_slice(MpegEncContext *s)
                 ff_er_add_slice(&s->er, s->resync_mb_x, s->resync_mb_y,
                                 s->mb_x, s->mb_y, ER_MB_ERROR & part_mask);
 
-                if (s->avctx->err_recognition & AV_EF_IGNORE_ERR)
+                if ((s->avctx->err_recognition & AV_EF_IGNORE_ERR) && get_bits_left(&s->gb) > 0)
                     continue;
                 return AVERROR_INVALIDDATA;
             }
diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index d456e5dd11..30aec5e529 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -1437,7 +1437,7 @@ static inline int mpeg4_decode_block(Mpeg4DecContext *ctx, int16_t *block,
                                 if (SHOW_UBITS(re, &s->gb, 1) == 0) {
                                     av_log(s->avctx, AV_LOG_ERROR,
                                            "1. marker bit missing in 3. esc\n");
-                                    if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR))
+                                    if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR) || get_bits_left(&s->gb) <= 0)
                                         return AVERROR_INVALIDDATA;
                                 }
                                 SKIP_CACHE(re, &s->gb, 1);
@@ -1448,7 +1448,7 @@ static inline int mpeg4_decode_block(Mpeg4DecContext *ctx, int16_t *block,
                                 if (SHOW_UBITS(re, &s->gb, 1) == 0) {
                                     av_log(s->avctx, AV_LOG_ERROR,
                                            "2. marker bit missing in 3. esc\n");
-                                    if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR))
+                                    if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR) || get_bits_left(&s->gb) <= 0)
                                         return AVERROR_INVALIDDATA;
                                 }

More information about the ffmpeg-cvslog mailing list