[FFmpeg-devel] [libav-devel] [PATCH] mpeg4videodec: only allow a positive length
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Wed Apr 22 19:08:57 CEST 2015
On 22.04.2015 18:51, Vittorio Giovara wrote:
> On Wed, Apr 22, 2015 at 3:32 PM, Andreas Cadhalpun
> <andreas.cadhalpun at googlemail.com> wrote:
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>> libavcodec/mpeg4videodec.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
>> index 8449392..9bf33dd 100644
>> --- a/libavcodec/mpeg4videodec.c
>> +++ b/libavcodec/mpeg4videodec.c
>> @@ -189,14 +189,14 @@ static int mpeg4_decode_sprite_trajectory(Mpeg4DecContext *ctx, GetBitContext *g
>> int x = 0, y = 0;
>>
>> length = get_vlc2(gb, sprite_trajectory.table, SPRITE_TRAJ_VLC_BITS, 3);
>> - if (length)
>> + if (length > 0)
>> x = get_xbits(gb, length);
>>
>> if (!(ctx->divx_version == 500 && ctx->divx_build == 413))
>> check_marker(gb, "before sprite_trajectory");
>>
>> length = get_vlc2(gb, sprite_trajectory.table, SPRITE_TRAJ_VLC_BITS, 3);
>> - if (length)
>> + if (length > 0)
>> y = get_xbits(gb, length);
>>
>> check_marker(gb, "after sprite_trajectory");
>> --
>
> Not very familiar with the code, but shouldn't you error out in this case?
One could error out as well, but there was already the check for length != 0,
so changing that was simpler.
Best regards,
Andreas
More information about the ffmpeg-devel
mailing list