@@ -57,6 +57,7 @@ static int dvbsub_parse(AVCodecParserContext *s,
DVBSubParseContext *pc = s->priv_data;
uint8_t *p, *p_end;
int i, len, buf_pos = 0;
+ int out_size = 0;
ff_dlog(avctx, "DVB parse packet pts=%"PRIx64", lpts=%"PRIx64", cpts=%"PRIx64":\n",
s->pts, s->last_pts, s->cur_frame_pts[s->cur_frame_start_index]);
@@ -71,8 +72,8 @@ static int dvbsub_parse(AVCodecParserContext *s,
if (i % 16 != 0)
ff_dlog(avctx, "\n");
- *poutbuf = NULL;
- *poutbuf_size = 0;
+ *poutbuf = buf;
+ *poutbuf_size = buf_size;
s->fetch_timestamp = 1;
@@ -89,7 +90,7 @@ static int dvbsub_parse(AVCodecParserContext *s,
if (buf_size < 2 || buf[0] != 0x20 || buf[1] != 0x00) {
ff_dlog(avctx, "Bad packet header\n");
- return -1;
+ return buf_size;
}
buf_pos = 2;
@@ -113,9 +114,9 @@ static int dvbsub_parse(AVCodecParserContext *s,
}
if (buf_size - buf_pos + pc->packet_index > PARSE_BUF_SIZE)
- return -1;
+ return buf_size;
-/* if not currently in a packet, discard data */
+/* if not currently in a packet, pass data */
if (pc->in_packet == 0)
return buf_size;
@@ -135,7 +136,7 @@ static int dvbsub_parse(AVCodecParserContext *s,
if (len + 6 <= p_end - p)
{
- *poutbuf_size += len + 6;
+ out_size += len + 6;
p += len + 6;
} else
@@ -159,9 +160,10 @@ static int dvbsub_parse(AVCodecParserContext *s,
}
}
- if (*poutbuf_size > 0)
+ if (out_size > 0)
{
*poutbuf = pc->packet_buf;
+ *poutbuf_size = out_size;
pc->packet_start = *poutbuf_size;
}
May fix: oss fuzz issue 9220 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/dvbsub_parser.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-)