Signed-off-by: James Almer <jamr...@gmail.com>
---
libavcodec/av1_parse.c | 6 ++----
libavcodec/av1_parse.h | 8 +++++++-
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/libavcodec/av1_parse.c b/libavcodec/av1_parse.c
index 48feb9fb8a..b1da44ec72 100644
--- a/libavcodec/av1_parse.c
+++ b/libavcodec/av1_parse.c
@@ -42,12 +42,10 @@ int ff_av1_extract_obu(AV1OBU *obu, const uint8_t *buf, int
length, void *logctx
obu->temporal_id = temporal_id;
obu->spatial_id = spatial_id;
- length = obu_size + start_pos;
-
obu->data = buf + start_pos;
obu->size = obu_size;
obu->raw_data = buf;
- obu->raw_size = length;
+ obu->raw_size = ret;
ret = init_get_bits(&obu->gb, obu->data, obu->size * 8);
if (ret < 0)
@@ -57,7 +55,7 @@ int ff_av1_extract_obu(AV1OBU *obu, const uint8_t *buf, int
length, void *logctx
"obu_type: %d, temporal_id: %d, spatial_id: %d, payload size: %d\n",
obu->type, obu->temporal_id, obu->spatial_id, obu->size);
- return length;
+ return obu->raw_size;
}
int ff_av1_packet_split(AV1Packet *pkt, const uint8_t *buf, int length, void
*logctx)
diff --git a/libavcodec/av1_parse.h b/libavcodec/av1_parse.h
index 3a4151491a..9a6e6835ab 100644
--- a/libavcodec/av1_parse.h
+++ b/libavcodec/av1_parse.h
@@ -95,6 +95,7 @@ static inline int parse_obu_header(const uint8_t *buf, int
buf_size,
{
GetBitContext gb;
int ret, extension_flag, has_size_flag;
+ int64_t size;
ret = init_get_bits8(&gb, buf, FFMIN(buf_size, 2 + 8)); // OBU header
fields + max leb128 length
if (ret < 0)
@@ -124,7 +125,12 @@ static inline int parse_obu_header(const uint8_t *buf, int
buf_size,
*start_pos = get_bits_count(&gb) / 8;
- return 0;
+ size = *obu_size + *start_pos;
+
+ if (size > INT_MAX)
+ return AVERROR(ERANGE);
+
+ return size;
}
#endif /* AVCODEC_AV1_PARSE_H */
--
2.18.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
