@@ -70,15 +70,15 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out)
nb_frames * length_size);
for (i = 0; i < nb_frames; i++) {
- int frame_size = 0;
+ unsigned frame_size = 0;
for (j = 0; j < length_size; j++)
frame_size |= bytestream2_get_byte(&bc) << (j * 8);
total_size += frame_size;
- if (frame_size <= 0 || total_size > in->size - idx_size) {
+ if (!frame_size || total_size > in->size - idx_size) {
av_log(ctx, AV_LOG_ERROR,
- "Invalid frame size in a superframe: %d\n", frame_size);
- ret = AVERROR(EINVAL);
+ "Invalid frame size in a superframe: %u\n", frame_size);
+ ret = AVERROR_INVALIDDATA;
goto fail;
}
s->sizes[i] = frame_size;
If a parsed frame size happens to be so big that it is negative (as an int), the size in the error message would be negative which is nonsense in light of the fact that the size field is an unsigned value in the standard. Change this and also change the type of the variable to unsigned. Also return AVERROR_INVALIDDATA and not AVERROR(EINVAL) in this case as this is clearly invalid data. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> --- libavcodec/vp9_superframe_split_bsf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)