[FFmpeg-cvslog] vp9: fix mt-related hang a parser infinite loop.
Ronald S. Bultje
git at videolan.org
Sat Jan 11 22:35:58 CET 2014
ffmpeg | branch: master | Ronald S. Bultje <rsbultje at gmail.com> | Fri Jan 10 21:38:38 2014 -0500| [0065d2d520caab2321b35a7bec5d62564913238b] | committer: Michael Niedermayer
vp9: fix mt-related hang a parser infinite loop.
Fixes trac ticket 3274.
Looked-at-by: ubitux
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0065d2d520caab2321b35a7bec5d62564913238b
---
libavcodec/vp9.c | 8 ++++++--
libavcodec/vp9_parser.c | 2 +-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c
index bba600b..ec6ceb0 100644
--- a/libavcodec/vp9.c
+++ b/libavcodec/vp9.c
@@ -3592,11 +3592,15 @@ static int vp9_decode_frame(AVCodecContext *ctx, void *frame,
data += 4;
size -= 4;
}
- if (tile_size > size)
+ if (tile_size > size) {
+ ff_thread_report_progress(&s->frames[CUR_FRAME].tf, INT_MAX, 0);
return AVERROR_INVALIDDATA;
+ }
ff_vp56_init_range_decoder(&s->c_b[tile_col], data, tile_size);
- if (vp56_rac_get_prob_branchy(&s->c_b[tile_col], 128)) // marker bit
+ if (vp56_rac_get_prob_branchy(&s->c_b[tile_col], 128)) { // marker bit
+ ff_thread_report_progress(&s->frames[CUR_FRAME].tf, INT_MAX, 0);
return AVERROR_INVALIDDATA;
+ }
data += tile_size;
size -= tile_size;
}
diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
index c34febf..2de8937 100644
--- a/libavcodec/vp9_parser.c
+++ b/libavcodec/vp9_parser.c
@@ -80,7 +80,7 @@ static int parse(AVCodecParserContext *ctx,
av_log(avctx, AV_LOG_ERROR, \
"Superframe packet size too big: %d > %d\n", \
sz, size); \
- return AVERROR_INVALIDDATA; \
+ return size; \
} \
if (first) { \
first = 0; \
More information about the ffmpeg-cvslog
mailing list