[FFmpeg-devel] [PATCH 1/2] mlp_parser: Fix infinite loop with 0 bytes_left.

Reimar Döffinger Reimar.Doeffinger at gmx.de
Fri Dec 30 02:06:51 CET 2011


On 29 Dec 2011, at 22:40, Michael Niedermayer <michaelni at gmx.at> wrote:
> Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> ---
> libavcodec/mlp_parser.c |    3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
> 
> diff --git a/libavcodec/mlp_parser.c b/libavcodec/mlp_parser.c
> index 4ceea5e..96f5fae 100644
> --- a/libavcodec/mlp_parser.c
> +++ b/libavcodec/mlp_parser.c
> @@ -263,6 +263,9 @@ static int mlp_parse(AVCodecParserContext *s,
>         mp->bytes_left = ((mp->pc.index > 0 ? mp->pc.buffer[0] : buf[0]) << 8)
>                        |  (mp->pc.index > 1 ? mp->pc.buffer[1] : buf[1-mp->pc.index]);
>         mp->bytes_left = (mp->bytes_left & 0xfff) * 2;
> +        if (mp->bytes_left <= 0) {
> +            goto lost_sync;
> +        }
>         mp->bytes_left -= mp->pc.index;
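
Review bot: the `<= 0` in the added `if (mp->bytes_left <= 0) {` can only ever match zero, because it runs right after `mp->bytes_left = (mp->bytes_left & 0xfff) * 2;`, which leaves a value in the range 0 to 8190. The subtraction that could make the field negative, `mp->bytes_left -= mp->pc.index;`, comes after the check. Suggest writing the test as `== 0` with a one-line comment tying it to the infinite loop named in the subject. If a remainder that is zero or negative after subtracting `mp->pc.index` is also invalid, move the check below the subtraction or add a second one there. The braces around the single `goto lost_sync;` could also be dropped.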

I hadn't time to look at the code around, but checking for < 0 before the subtraction seems quite non-obvious, should maybe have a comment?

