[FFmpeg-cvslog] avcodec/dvbsub_parser: Do not discard data

Michael Niedermayer git at videolan.org
Wed Jul 18 15:01:40 EEST 2018 

ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Fri Jul  6 13:02:19 2018 +0200| [1809f1cda9563ff4451203e0c852afe12f684b80] | committer: Michael Niedermayer

avcodec/dvbsub_parser: Do not discard data

May fix: oss fuzz issue 9220

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1809f1cda9563ff4451203e0c852afe12f684b80
---

 libavcodec/dvbsub_parser.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/libavcodec/dvbsub_parser.c b/libavcodec/dvbsub_parser.c
index e77b9655cc..8ced3c4c34 100644
--- a/libavcodec/dvbsub_parser.c
+++ b/libavcodec/dvbsub_parser.c
@@ -57,6 +57,7 @@ static int dvbsub_parse(AVCodecParserContext *s,
     DVBSubParseContext *pc = s->priv_data;
     uint8_t *p, *p_end;
     int i, len, buf_pos = 0;
+    int out_size = 0;
 
     ff_dlog(avctx, "DVB parse packet pts=%"PRIx64", lpts=%"PRIx64", cpts=%"PRIx64":\n",
             s->pts, s->last_pts, s->cur_frame_pts[s->cur_frame_start_index]);
@@ -71,8 +72,8 @@ static int dvbsub_parse(AVCodecParserContext *s,
     if (i % 16 != 0)
         ff_dlog(avctx, "\n");
 
-    *poutbuf = NULL;
-    *poutbuf_size = 0;
+    *poutbuf      = buf;
+    *poutbuf_size = buf_size;
 
     s->fetch_timestamp = 1;
 
@@ -89,7 +90,7 @@ static int dvbsub_parse(AVCodecParserContext *s,
 
         if (buf_size < 2 || buf[0] != 0x20 || buf[1] != 0x00) {
             ff_dlog(avctx, "Bad packet header\n");
-            return -1;
+            return buf_size;
         }
 
         buf_pos = 2;
@@ -113,9 +114,9 @@ static int dvbsub_parse(AVCodecParserContext *s,
     }
 
     if (buf_size - buf_pos + pc->packet_index > PARSE_BUF_SIZE)
-        return -1;
+        return buf_size;
 
-/* if not currently in a packet, discard data */
+/* if not currently in a packet, pass data */
     if (pc->in_packet == 0)
         return buf_size;
 
@@ -135,7 +136,7 @@ static int dvbsub_parse(AVCodecParserContext *s,
 
                 if (len + 6 <= p_end - p)
                 {
-                    *poutbuf_size += len + 6;
+                    out_size += len + 6;
 
                     p += len + 6;
                 } else
@@ -159,9 +160,10 @@ static int dvbsub_parse(AVCodecParserContext *s,
         }
     }
 
-    if (*poutbuf_size > 0)
+    if (out_size > 0)
     {
         *poutbuf = pc->packet_buf;
+        *poutbuf_size = out_size;
         pc->packet_start = *poutbuf_size;
     }

More information about the ffmpeg-cvslog mailing list