From patchwork Sat Oct 10 18:59:54 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 22844
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Cc: Andreas Rheinhardt
Date: Sat, 10 Oct 2020 20:59:54 +0200
Message-Id: <20201010185956.980042-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 1/3] avcodec/sheervideo: Don't leave context in inconsistent state upon error

This has happened if the format changed midstream and if the new packet is so small that it is instantaneously rejected: In this case the VLC tables were for the new format, although the context says that they are still the ones for the old format. It can also happen if the format changed midstream and the allocation of the new tables fails. If the next packet is a packet for the old format, the decoder thinks it already has the correct VLC tables, leading to a segfault.

Signed-off-by: Andreas Rheinhardt --- libavcodec/sheervideo.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/libavcodec/sheervideo.c b/libavcodec/sheervideo.c index e1a203d361..099e5fdf22 100644 --- a/libavcodec/sheervideo.c +++ b/libavcodec/sheervideo.c @@ -2034,16 +2034,17 @@ static int decode_frame(AVCodecContext *avctx, return AVERROR_PATCHWELCOME; } - if (avpkt->size < 20 + avctx->width * avctx->height / 16) { - av_log(avctx, AV_LOG_ERROR, "Input packet too small\n"); - return AVERROR_INVALIDDATA; - } - if (s->format != format) { - if (ret < 0) + if (ret < 0) { + s->format = 0; return ret; + } s->format = format; } + if (avpkt->size < 20 + avctx->width * avctx->height / 16) { + av_log(avctx, AV_LOG_ERROR, "Input packet too small\n"); + return AVERROR_INVALIDDATA; + } p->pict_type = AV_PICTURE_TYPE_I; p->key_frame = 1;
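
Review bot: In the new error branch, `s->format = 0;` uses a bare 0 as the "tables are not valid" marker, which only holds if no format value the decoder accepts can equal 0; a short comment on that line, or a named constant, would make the invariant explicit. Separately, with the `avpkt->size < 20 + avctx->width * avctx->height / 16` check moved below the `s->format != format` block, an undersized packet that carries a new format now has `s->format` updated before it is rejected. That keeps the context in step with the tables, as the commit message intends, but the message could say why the check was not instead moved ahead of the table setup, so that undersized input is rejected before any decoder state changes.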