[FFmpeg-devel] [PATCH] vp9: fix parser return values in error case

wm4 nfxjfg at googlemail.com
Fri Jan 9 02:13:36 CET 2015


The parser must always set the out_size and out_data pointers. The API
seems to require it, and the common code in parser.c also relies on it.
---
Found with a fuzzed file provided by someone else.
---
 libavcodec/vp9_parser.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
index af033c2..922f36f 100644
--- a/libavcodec/vp9_parser.c
+++ b/libavcodec/vp9_parser.c
@@ -77,6 +77,8 @@ static int parse(AVCodecParserContext *ctx,
                     idx += a; \
                     if (sz > size) { \
                         s->n_frames = 0; \
+                        *out_size = 0; \
+                        *out_data = data; \
                         av_log(avctx, AV_LOG_ERROR, \
                                "Superframe packet size too big: %u > %d\n", \
                                sz, size); \
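
Review bot: the commit message says the parser must always set out_size and out_data, but this hunk covers only the "sz > size" branch of the superframe macro, so any other return path in parse() that leaves them unset still has the same problem. Initialising both once at the top of parse(), before the superframe handling, would make this hold for every path rather than for each branch separately. If the per-branch form is kept, a short comment next to "*out_data = data;" saying why the pointer is set to the input buffer with a zero size would help the next reader.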
-- 
2.1.4


