diff mbox series

[FFmpeg-devel,3/4] avcodec/vp9_superframe_split_bsf: Discard invalid zero-sized frames

Message ID AS1PR01MB9564B2DAC62FA558581D5FFF8F179@AS1PR01MB9564.eurprd01.prod.exchangelabs.com
State Accepted
Commit d20ef30f534151ce749b064034c339562724cc34
Headers show
Series [FFmpeg-devel,1/4] avcodec/vp9_raw_reorder_bsf: Check for existence of data before reading it | expand


Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

Andreas Rheinhardt March 22, 2022, 11:09 p.m. UTC
They are invalid in VP9. If any of the frames inside a superframe
had a size of zero, the code would either read into the next frame
or into the superframe index; so check for the length to stop this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Now split into a patch of its own.

 libavcodec/vp9_superframe_split_bsf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series


diff --git a/libavcodec/vp9_superframe_split_bsf.c b/libavcodec/vp9_superframe_split_bsf.c
index ed0444561a..7f0cad1ea0 100644
--- a/libavcodec/vp9_superframe_split_bsf.c
+++ b/libavcodec/vp9_superframe_split_bsf.c
@@ -70,7 +70,7 @@  static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out)
                         frame_size |= bytestream2_get_byte(&bc) << (j * 8);
                     total_size += frame_size;
-                    if (frame_size < 0 || total_size > in->size - idx_size) {
+                    if (frame_size <= 0 || total_size > in->size - idx_size) {
                         av_log(ctx, AV_LOG_ERROR,
                                "Invalid frame size in a superframe: %d\n", frame_size);
                         ret = AVERROR(EINVAL);