[FFmpeg-devel] [PATCH] vp9: fix parser return values in error case
wm4
nfxjfg at googlemail.com
Fri Jan 9 02:13:36 CET 2015
The parser must always set the out_size and out_data pointers. The API
seems to require it, and the common code in parser.c also relies on it.
---
Found with a fuzzed file provided by someone else.
---
libavcodec/vp9_parser.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
index af033c2..922f36f 100644
--- a/libavcodec/vp9_parser.c
+++ b/libavcodec/vp9_parser.c
@@ -77,6 +77,8 @@ static int parse(AVCodecParserContext *ctx,
idx += a; \
if (sz > size) { \
s->n_frames = 0; \
+ *out_size = 0; \
+ *out_data = data; \
av_log(avctx, AV_LOG_ERROR, \
"Superframe packet size too big: %u > %d\n", \
sz, size); \
--
2.1.4
More information about the ffmpeg-devel
mailing list