If a parsed frame size happens to be so big that it is negative (as an int), the size in the error message would be negative which is nonsense in light of the fact that the size field is an unsigned value in the standard. Change this and also change the type of the variable to unsigned.
Also return AVERROR_INVALIDDATA and not AVERROR(EINVAL) in this case as this is clearly invalid data. Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com> --- libavcodec/vp9_superframe_split_bsf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/vp9_superframe_split_bsf.c b/libavcodec/vp9_superframe_split_bsf.c index 6ebecfa8ae..df5b964414 100644 --- a/libavcodec/vp9_superframe_split_bsf.c +++ b/libavcodec/vp9_superframe_split_bsf.c @@ -70,15 +70,15 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out) nb_frames * length_size); for (i = 0; i < nb_frames; i++) { - int frame_size = 0; + unsigned frame_size = 0; for (j = 0; j < length_size; j++) frame_size |= bytestream2_get_byte(&bc) << (j * 8); total_size += frame_size; - if (frame_size <= 0 || total_size > in->size - idx_size) { + if (!frame_size || total_size > in->size - idx_size) { av_log(ctx, AV_LOG_ERROR, - "Invalid frame size in a superframe: %d\n", frame_size); - ret = AVERROR(EINVAL); + "Invalid frame size in a superframe: %u\n", frame_size); + ret = AVERROR_INVALIDDATA; goto fail; } s->sizes[i] = frame_size; -- 2.20.1
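Review bot: `total_size += frame_size;` now accumulates an unsigned value that can span the full unsigned range, and the declaration of `total_size` is outside the visible context, so the bound check `total_size > in->size - idx_size` is only reliable if `total_size` cannot wrap and is not converted to unsigned in that comparison. Please confirm it is a 64-bit signed type, or reject the frame before accumulating by comparing `frame_size` against the bytes still available. In the unchanged line `frame_size |= bytestream2_get_byte(&bc) << (j * 8);` the shift is evaluated in the type returned by `bytestream2_get_byte()`, not in the type of `frame_size`; if that type is a signed int, a top byte of 0x80 or more shifted by 24 still overflows, so an explicit unsigned cast on the operand would match the intent of making the variable unsigned. It would also help for the commit message to say whether `s->sizes[i]` can hold every value that now passes the `!frame_size` check.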