[FFmpeg-devel] [PATCH 2/4] avcodec/ccaption_dec: check the length of packet and return used length

Wed May 11 17:48:16 EEST 2022

From: Limin Wang <lance.lmwang at gmail.com>

Signed-off-by: Limin Wang <lance.lmwang at gmail.com>
---
 libavcodec/ccaption_dec.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libavcodec/ccaption_dec.c b/libavcodec/ccaption_dec.c
index 34f0513b1a..8f61e8aa03 100644
--- a/libavcodec/ccaption_dec.c
+++ b/libavcodec/ccaption_dec.c
@@ -852,6 +852,11 @@ static int decode(AVCodecContext *avctx, AVSubtitle *sub,
     int i;
     unsigned nb_rect_allocated = 0;
 
+    if (len < 3) {
+        ff_dlog(avctx, "incomplete or broken packet");
+        return len;
+    }
+
     for (i = 0; i < len; i += 3) {
         uint8_t hi, cc_type = bptr[i] & 1;
 
@@ -922,7 +927,7 @@ static int decode(AVCodecContext *avctx, AVSubtitle *sub,
     }
 
     *got_sub = sub->num_rects > 0;
-    return ret;
+    return len;
 }
 
 #define OFFSET(x) offsetof(CCaptionSubContext, x)
-- 
2.35.1

