Commit 09b4ad15 authored by wm4's avatar wm4 Committed by Michael Niedermayer

vp9: avoid infinite loop with broken files

With a certain fuzzed file, the parser will always return 0 consumed
bytes, which makes calling code call the parser infinitely. Return the
full packet size on error instead. (Here it would be nice if parsers
could return errors at all.)

Additionally, _if_ there's some data left, return that too, which might
help with somewhat broken but still somehow playable files.

Fixes ticket #4242.
Reviewed-by: 's avatar"Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 0898a6d4
......@@ -43,6 +43,7 @@ static int parse(AVCodecParserContext *ctx,
const uint8_t *data, int size)
{
VP9ParseContext *s = ctx->priv_data;
int full_size = size;
int marker;
if (size <= 0) {
......@@ -77,12 +78,12 @@ static int parse(AVCodecParserContext *ctx,
idx += a; \
if (sz > size) { \
s->n_frames = 0; \
*out_size = 0; \
*out_size = size; \
*out_data = data; \
av_log(avctx, AV_LOG_ERROR, \
"Superframe packet size too big: %u > %d\n", \
sz, size); \
return size; \
return full_size; \
} \
if (first) { \
first = 0; \
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment