[FFmpeg-devel] [PATCH 1/2] avcodec/cavsdec: Check I frame mb decode for errors

Michael Niedermayer michael at niedermayer.cc
Sun Aug 13 21:38:38 EEST 2017


Fixes: timeout
Fixes: 2943/clusterfuzz-testcase-5430257156882432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavcodec/cavsdec.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c
index 7a5f795dab..02b3d213a9 100644
--- a/libavcodec/cavsdec.c
+++ b/libavcodec/cavsdec.c
@@ -1070,10 +1070,14 @@ static int decode_pic(AVSContext *h)
     } else {
         h->alpha_offset = h->beta_offset  = 0;
     }
+
+    ret = 0;
     if (h->cur.f->pict_type == AV_PICTURE_TYPE_I) {
         do {
             check_for_slice(h);
-            decode_mb_i(h, 0);
+            ret = decode_mb_i(h, 0);
+            if (ret < 0)
+                break;
         } while (ff_cavs_next_mb(h));
     } else if (h->cur.f->pict_type == AV_PICTURE_TYPE_P) {
         do {
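Review bot: The new `break` on a negative `decode_mb_i` return stops the I-frame loop with the remaining macroblocks of `h->cur.f` undecoded, and nothing at this point tells the reader what becomes of that partial picture; a short comment on the check would spare a trip to the end of the function, e.g. `/* stop at the first corrupt macroblock; the partial picture is dropped, never swapped into the DPB */`. The `ret = 0;` reset before the picture-type dispatch is what makes the later `ret >= 0` test well-defined for a loop that never assigns `ret`, so it should stay even if `ret` is already initialized where it is declared, outside this hunk. The P and B loops run past the end of this hunk; they presumably use the same `if (ret < 0) break;` pattern, since otherwise an error there would be overwritten by the next macroblock's return value and the picture would still be promoted. decode_pic begins before this hunk.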
@@ -1109,12 +1113,12 @@ static int decode_pic(AVSContext *h)
         } while (ff_cavs_next_mb(h));
     }
     emms_c();
-    if (h->cur.f->pict_type != AV_PICTURE_TYPE_B) {
+    if (ret >= 0 && h->cur.f->pict_type != AV_PICTURE_TYPE_B) {
         av_frame_unref(h->DPB[1].f);
         FFSWAP(AVSFrame, h->cur, h->DPB[1]);
         FFSWAP(AVSFrame, h->DPB[0], h->DPB[1]);
     }
-    return 0;
+    return ret;
 }
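Review bot: When `ret < 0` the DPB swap is skipped, so `h->cur.f` keeps the buffer obtained for this picture and is neither output nor promoted to a reference; whether that buffer is released before the next `decode_pic` acquires a new one depends on the function's prologue, which lies outside this hunk and should be confirmed so a rejected picture neither leaks nor is reused with stale contents. Skipping the swap is the right call for the reference chain: a partially decoded picture must not become `DPB[0]`, otherwise later P/B motion compensation could read pixel data this call never wrote. A one-line comment on the guard would make that intent explicit, e.g. `/* a partially decoded picture must not become a reference frame */`.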
 
 /*****************************************************************************
-- 
2.13.0


