[FFmpeg-cvslog] avcodec: Ignoring errors is only possible before the input end

Michael Niedermayer git at videolan.org
Sun Apr 14 23:23:11 EEST 2024 

ffmpeg | branch: release/4.2 | Michael Niedermayer <michael at niedermayer.cc> | Sat Jun  3 21:44:37 2023 +0200| [21b551011a5b3534770ec3070db658191f387b45] | committer: Michael Niedermayer

avcodec: Ignoring errors is only possible before the input end

Fixes: out of array read
Fixes: Ticket 10308

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit fead656a7bf523d448fe8bd39c1f2ea36be98fb9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=21b551011a5b3534770ec3070db658191f387b45
---

 libavcodec/h263dec.c       | 2 +-
 libavcodec/mpeg4videodec.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
index 2b64cb5b3b..4a97c7cfbd 100644
--- a/libavcodec/h263dec.c
+++ b/libavcodec/h263dec.c
@@ -300,7 +300,7 @@ static int decode_slice(MpegEncContext *s)
                 ff_er_add_slice(&s->er, s->resync_mb_x, s->resync_mb_y,
                                 s->mb_x, s->mb_y, ER_MB_ERROR & part_mask);
 
-                if (s->avctx->err_recognition & AV_EF_IGNORE_ERR)
+                if ((s->avctx->err_recognition & AV_EF_IGNORE_ERR) && get_bits_left(&s->gb) > 0)
                     continue;
                 return AVERROR_INVALIDDATA;
             }
diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index 9b92423e86..244ba1bf1c 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -1189,7 +1189,7 @@ static inline int mpeg4_decode_block(Mpeg4DecContext *ctx, int16_t *block,
                                 if (SHOW_UBITS(re, &s->gb, 1) == 0) {
                                     av_log(s->avctx, AV_LOG_ERROR,
                                            "1. marker bit missing in 3. esc\n");
-                                    if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR))
+                                    if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR) || get_bits_left(&s->gb) <= 0)
                                         return AVERROR_INVALIDDATA;
                                 }
                                 SKIP_CACHE(re, &s->gb, 1);
@@ -1200,7 +1200,7 @@ static inline int mpeg4_decode_block(Mpeg4DecContext *ctx, int16_t *block,
                                 if (SHOW_UBITS(re, &s->gb, 1) == 0) {
                                     av_log(s->avctx, AV_LOG_ERROR,
                                            "2. marker bit missing in 3. esc\n");
-                                    if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR))
+                                    if (!(s->avctx->err_recognition & AV_EF_IGNORE_ERR) || get_bits_left(&s->gb) <= 0)
                                         return AVERROR_INVALIDDATA;
                                 }

More information about the ffmpeg-cvslog mailing list