authorJames Zern <jzern@google.com>2015-10-16 15:28:55 -0700
committerJames Zern <jzern@google.com>2015-10-19 12:10:52 -0700
commit7b4367d93ea2a34baeab2c734630df5e0f11d4c1 (patch)
treefd0e914052653d3763324f8b5de618206d85b69e
parentb0bb1dc62d40dc385283f309012f64d0987883eb (diff)
downloadffmpeg-7b4367d93ea2a34baeab2c734630df5e0f11d4c1.tar.gz
vp9_parser: fix endless loop w/0-sized frame
treat this the same as an over-sized superframe packet to break out of the parser loop and allow the decoder to fail. Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com> Signed-off-by: James Zern <jzern@google.com>
-rw-r--r--libavcodec/vp9_parser.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
index f1f7e350d2..0437097391 100644
--- a/libavcodec/vp9_parser.c
+++ b/libavcodec/vp9_parser.c
@@ -111,12 +111,12 @@ static int parse(AVCodecParserContext *ctx,
while (n_frames--) { \
unsigned sz = rd; \
idx += a; \
- if (sz > size) { \
+ if (sz == 0 || sz > size) { \
s->n_frames = 0; \
*out_size = size; \
*out_data = data; \
av_log(avctx, AV_LOG_ERROR, \
- "Superframe packet size too big: %u > %d\n", \
+ "Invalid superframe packet size: %u frame size: %d\n", \
sz, size); \
return full_size; \
} \
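Review bot: The new `sz == 0` test in the size check carries no comment saying why a zero size is rejected, so without the commit message it reads as an arbitrary extra condition next to `sz > size`. A note on the line above it, e.g. `/* a 0-sized frame causes an endless parser loop; reject it like an oversized one */ \`, would keep the guard from being dropped in a later cleanup. Separately, `sz` is `unsigned` while the `%d` in the log call indicates `size` is a signed int, so `sz > size` is evaluated in unsigned arithmetic and only holds up while `size` stays non-negative. That invariant is presumably maintained by code outside this hunk and is worth confirming. The macro body and the enclosing `parse()` both continue outside the hunk.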