[FFmpeg-devel,7/7] cbs_mpeg2: Drop fragments containing zero-sized units

Submitted by Andreas Rheinhardt on July 29, 2019, 7:56 p.m.

Details

Message ID 20190729195658.56078-7-andreas.rheinhardt@gmail.com
State New

Commit Message

Andreas Rheinhardt July 29, 2019, 7:56 p.m.
They are invalid and can be easily detected, so discard them.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavcodec/cbs_mpeg2.c | 6 ++++++
 1 file changed, 6 insertions(+)

Patch

diff --git a/libavcodec/cbs_mpeg2.c b/libavcodec/cbs_mpeg2.c
index 559793dc98..eb0e2c7ba9 100644
--- a/libavcodec/cbs_mpeg2.c
+++ b/libavcodec/cbs_mpeg2.c
@@ -207,6 +207,12 @@  static int cbs_mpeg2_split_fragment(CodedBitstreamContext *ctx,
            final     = 1;
         }
 
+        if (unit_size == 0) {
+            // This can only happen if frag->data contained data like
+            // 0x00 00 01 00 00 01 xy, which is treated as two start codes.
+            return AVERROR_INVALIDDATA;
+        }
+
         if (unit_type == MPEG2_START_EXTENSION && unit_size >= 4 &&
             start[1] >> 4 == MPEG2_EXTENSION_PICTURE_CODING) {
             // The values f_code[0][1], f_code[1][1] are used to derive
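
Review bot: The new `unit_size == 0` branch returns AVERROR_INVALIDDATA without logging anything, so the caller sees only a generic invalid-data error with no indication that a zero-sized unit between two adjacent start codes was the cause. Consider adding an av_log() call at AV_LOG_ERROR level on ctx->log_ctx just before the `return AVERROR_INVALIDDATA;`, stating that a zero-sized unit was found. That makes rejected streams diagnosable when triaging malformed or fuzzed input.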