@@ -42,12 +42,10 @@ int ff_av1_extract_obu(AV1OBU *obu, const uint8_t *buf, int length, void *logctx
obu->temporal_id = temporal_id;
obu->spatial_id = spatial_id;
- length = obu_size + start_pos;
-
obu->data = buf + start_pos;
obu->size = obu_size;
obu->raw_data = buf;
- obu->raw_size = length;
+ obu->raw_size = ret;
ret = init_get_bits(&obu->gb, obu->data, obu->size * 8);
if (ret < 0)
@@ -57,7 +55,7 @@ int ff_av1_extract_obu(AV1OBU *obu, const uint8_t *buf, int length, void *logctx
"obu_type: %d, temporal_id: %d, spatial_id: %d, payload size: %d\n",
obu->type, obu->temporal_id, obu->spatial_id, obu->size);
- return length;
+ return obu->raw_size;
}
int ff_av1_packet_split(AV1Packet *pkt, const uint8_t *buf, int length, void *logctx)
@@ -95,6 +95,7 @@ static inline int parse_obu_header(const uint8_t *buf, int buf_size,
{
GetBitContext gb;
int ret, extension_flag, has_size_flag;
+ int64_t size;
ret = init_get_bits8(&gb, buf, FFMIN(buf_size, 2 + 8)); // OBU header fields + max leb128 length
if (ret < 0)
@@ -124,7 +125,12 @@ static inline int parse_obu_header(const uint8_t *buf, int buf_size,
*start_pos = get_bits_count(&gb) / 8;
- return 0;
+ size = *obu_size + *start_pos;
+
+ if (size > INT_MAX)
+ return AVERROR(ERANGE);
+
+ return size;
}
#endif /* AVCODEC_AV1_PARSE_H */
Signed-off-by: James Almer <jamrial@gmail.com> --- libavcodec/av1_parse.c | 6 ++---- libavcodec/av1_parse.h | 8 +++++++- 2 files changed, 9 insertions(+), 5 deletions(-)