mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2025-01-24 13:56:33 +02:00
vp9: avoid infinite loop with broken files
With a certain fuzzed file, the parser will always return 0 consumed bytes, which makes calling code call the parser infinitely. Return the full packet size on error instead. (Here it would be nice if parsers could return errors at all.) Additionally, _if_ there's some data left, return that too, which might help with somewhat broken but still somehow playable files. Fixes ticket #4242. Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
0898a6d4e4
commit
09b4ad1568
@ -43,6 +43,7 @@ static int parse(AVCodecParserContext *ctx,
|
||||
const uint8_t *data, int size)
|
||||
{
|
||||
VP9ParseContext *s = ctx->priv_data;
|
||||
int full_size = size;
|
||||
int marker;
|
||||
|
||||
if (size <= 0) {
|
||||
@ -77,12 +78,12 @@ static int parse(AVCodecParserContext *ctx,
|
||||
idx += a; \
|
||||
if (sz > size) { \
|
||||
s->n_frames = 0; \
|
||||
*out_size = 0; \
|
||||
*out_size = size; \
|
||||
*out_data = data; \
|
||||
av_log(avctx, AV_LOG_ERROR, \
|
||||
"Superframe packet size too big: %u > %d\n", \
|
||||
sz, size); \
|
||||
return size; \
|
||||
return full_size; \
|
||||
} \
|
||||
if (first) { \
|
||||
first = 0; \
|
||||
|
Loading…
x
Reference in New Issue
Block a user