[FFmpeg-devel] [PATCH] vp9_parser: fix endless loop w/0-sized frame
James Zern
jzern at google.com
Mon Oct 19 21:13:26 CEST 2015
On Fri, Oct 16, 2015 at 4:05 PM, Ronald S. Bultje <rsbultje at gmail.com> wrote:
>
> Hi,
>
> On Fri, Oct 16, 2015 at 6:46 PM, James Zern <jzern at google.com> wrote:
>
> > treat this the same as an over-sized superframe packet to break out of
> > the parser loop and allow the decoder to fail.
> >
> > Signed-off-by: James Zern <jzern at google.com>
> > ---
> > libavcodec/vp9_parser.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
> > index f1f7e35..0437097 100644
> > --- a/libavcodec/vp9_parser.c
> > +++ b/libavcodec/vp9_parser.c
> > @@ -111,12 +111,12 @@ static int parse(AVCodecParserContext *ctx,
> > while (n_frames--) { \
> > unsigned sz = rd; \
> > idx += a; \
> > - if (sz > size) { \
> > + if (sz == 0 || sz > size) { \
> > s->n_frames = 0; \
> > *out_size = size; \
> > *out_data = data; \
> > av_log(avctx, AV_LOG_ERROR, \
> > - "Superframe packet size too big: %u >
> > %d\n", \
> > + "Invalid superframe packet size: %u frame
> > size: %d\n", \
> > sz, size); \
> > return full_size; \
> > } \
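Review bot: The new `sz == 0` term in `if (sz == 0 || sz > size) {` carries no comment explaining why a zero size is rejected. Going by the subject line, it is what stops the parser from looping forever on a 0-sized frame, so a short `/* ... */` comment above the check (the block sits inside a backslash-continued macro) would keep a later cleanup from dropping it as redundant. In the reworded log string, `%u` runs straight into `frame size:` with no separator, and the message no longer says which of the two conditions fired. Something like "Invalid superframe packet size: %u, frame size: %d" would read more clearly in a log.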
> > --
> > 2.6.0.rc2.230.g3dd15c0
>
>
> LGTM.
>
applied.
>
> (Maybe in vp10 we should not allow 0-sized frames in a superframe (or tiles
> in a frame), similar to how width is read as read_some_bits() + 1.)
>
Sounds good to me, I filed an issue.