[FFmpeg-devel] [PATCH] vp9: fix mt-related hang a parser infinite loop.

Ronald S. Bultje rsbultje at gmail.com
Sat Jan 11 03:38:38 CET 2014


Fixes trac ticket 3274.
---
 libavcodec/vp9.c        | 8 ++++++--
 libavcodec/vp9_parser.c | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c
index b4e8d4e..3db4177 100644
--- a/libavcodec/vp9.c
+++ b/libavcodec/vp9.c
@@ -3592,11 +3592,15 @@ static int vp9_decode_frame(AVCodecContext *ctx, void *frame,
                         data += 4;
                         size -= 4;
                     }
-                    if (tile_size > size)
+                    if (tile_size > size) {
+                        ff_thread_report_progress(&s->frames[CUR_FRAME].tf, INT_MAX, 0);
                         return AVERROR_INVALIDDATA;
+                    }
                     ff_vp56_init_range_decoder(&s->c_b[tile_col], data, tile_size);
-                    if (vp56_rac_get_prob_branchy(&s->c_b[tile_col], 128)) // marker bit
+                    if (vp56_rac_get_prob_branchy(&s->c_b[tile_col], 128)) { // marker bit
+                        ff_thread_report_progress(&s->frames[CUR_FRAME].tf, INT_MAX, 0);
                         return AVERROR_INVALIDDATA;
+                    }
                     data += tile_size;
                     size -= tile_size;
                 }
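Review bot: The two added error exits each repeat `ff_thread_report_progress(&s->frames[CUR_FRAME].tf, INT_MAX, 0)` by hand, so any other `return` in vp9_decode_frame that is reached once other threads can wait on the current frame would still leave them blocked. The function body extends beyond this hunk, so those paths need checking there. tile_size appears to be taken from the packet, so the blocked-waiter case is reachable from malformed input when frame threading is enabled. A short comment on the first exit, e.g. `/* unblock threads waiting on this frame before bailing out */`, would record why the call is required on every error path. It is also worth confirming that the `size -= 4` at the top of the hunk is preceded by a check that at least 4 bytes remain; that guard is not visible here.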
diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
index c34febf..2de8937 100644
--- a/libavcodec/vp9_parser.c
+++ b/libavcodec/vp9_parser.c
@@ -80,7 +80,7 @@ static int parse(AVCodecParserContext *ctx,
                         av_log(avctx, AV_LOG_ERROR, \
                                "Superframe packet size too big: %d > %d\n", \
                                sz, size); \
-                        return AVERROR_INVALIDDATA; \
+                        return size; \
                     } \
                     if (first) { \
                         first = 0; \
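Review bot: Returning `size` on the oversize-frame path reports the whole packet as consumed, but nothing in the hunk shows the output pointers or the parser's per-superframe state being reset before that return. The caller may therefore see values left over from an earlier step; parse() and the enclosing macro start and end outside the hunk, so this has to be checked there. The comparison `sz > size` also rejects only values that are too large: if `sz` is a signed int (the `%d` suggests so), a negative size read from the index would pass it. A guard such as `if (sz < 0 || sz > size) { \` would cover both cases, and a comment like `/* consume the packet so the caller makes forward progress */ \` would explain the non-error return.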
-- 
1.8.4


