[FFmpeg-devel] [PATCH] vp9_parser: fix endless loop w/0-sized frame
Ronald S. Bultje
rsbultje at gmail.com
Sat Oct 17 01:05:25 CEST 2015
Hi,
On Fri, Oct 16, 2015 at 6:46 PM, James Zern <jzern at google.com> wrote:
> treat this the same as an over-sized superframe packet to break out of
> the parser loop and allow the decoder to fail.
>
> Signed-off-by: James Zern <jzern at google.com>
> ---
> libavcodec/vp9_parser.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
> index f1f7e35..0437097 100644
> --- a/libavcodec/vp9_parser.c
> +++ b/libavcodec/vp9_parser.c
> @@ -111,12 +111,12 @@ static int parse(AVCodecParserContext *ctx,
> while (n_frames--) { \
> unsigned sz = rd; \
> idx += a; \
> - if (sz > size) { \
> + if (sz == 0 || sz > size) { \
> s->n_frames = 0; \
> *out_size = size; \
> *out_data = data; \
> av_log(avctx, AV_LOG_ERROR, \
> - "Superframe packet size too big: %u >
> %d\n", \
> + "Invalid superframe packet size: %u frame
> size: %d\n", \
> sz, size); \
> return full_size; \
> } \
> --
> 2.6.0.rc2.230.g3dd15c0
LGTM.
(Maybe in vp10 we should not allow 0-sized frames in a superframe (or tiles
in a frame), similar to how width is read as read_some_bits() + 1.)
Thanks,
Ronald
More information about the ffmpeg-devel
mailing list