[FFmpeg-devel] [PATCH] vp9_parser: fix endless loop w/0-sized frame

James Zern jzern at google.com
Sat Oct 17 00:46:28 CEST 2015


treat this the same as an over-sized superframe packet to break out of
the parser loop and allow the decoder to fail.

Signed-off-by: James Zern <jzern at google.com>
---
 libavcodec/vp9_parser.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
index f1f7e35..0437097 100644
--- a/libavcodec/vp9_parser.c
+++ b/libavcodec/vp9_parser.c
@@ -111,12 +111,12 @@ static int parse(AVCodecParserContext *ctx,
                 while (n_frames--) { \
                     unsigned sz = rd; \
                     idx += a; \
-                    if (sz > size) { \
+                    if (sz == 0 || sz > size) { \
                         s->n_frames = 0; \
                         *out_size = size; \
                         *out_data = data; \
                         av_log(avctx, AV_LOG_ERROR, \
-                               "Superframe packet size too big: %u > %d\n", \
+                               "Invalid superframe packet size: %u frame size: %d\n", \
                                sz, size); \
                         return full_size; \
                     } \
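Review bot: the reworded av_log string in the error branch runs its two values together ("Invalid superframe packet size: %u frame size: %d"), so someone reading the log cannot easily tell where the first field ends; a separator such as a comma before "frame size" would make it unambiguous. The new `sz == 0` test on the `if` line would also benefit from a one-line comment saying that a zero-sized entry is rejected to avoid the endless loop named in the subject, because the condition alone does not say why zero is invalid. Separately, and not introduced by this change, `sz` is unsigned while `size` is printed with %d, so it is worth confirming that `size` cannot be negative when `sz > size` is evaluated.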
-- 
2.6.0.rc2.230.g3dd15c0


