The earlier version didn't really check that the 'p' of a "p\0" is actually part of a DivX user_data section, instead it treated the first "p\0" after the start of a user_data section as end of a DivX user_data section if it is close enough to the beginning of the user_data section; it actually needn't be part of a user_data section at all.
Furthermore, the code worked under the assumption that there is a 0x00 after the 'p' although this might not be true for extradata if the DivX user_data unit is at the end of the extradata. Both of these flaws have been fixed. Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@googlemail.com> --- libavcodec/mpeg4_unpack_bframes_bsf.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/libavcodec/mpeg4_unpack_bframes_bsf.c b/libavcodec/mpeg4_unpack_bframes_bsf.c index 1daf133ce5..20d3e39c00 100644 --- a/libavcodec/mpeg4_unpack_bframes_bsf.c +++ b/libavcodec/mpeg4_unpack_bframes_bsf.c @@ -41,10 +41,13 @@ static void scan_buffer(const uint8_t *buf, int buf_size, if (startcode == USER_DATA_STARTCODE && pos_p) { /* check if the (DivX) userdata string ends with 'p' (packed) */ - for (int i = 0; i < 255 && pos + i + 1 < end; i++) { - if (pos[i] == 'p' && pos[i + 1] == '\0') { - *pos_p = pos + i - buf; - break; + if (!memcmp(pos, "DivX", 4)) { + for (int i = 4; i < 255 && pos + i < end; i++) { + if (pos[i] == 'p' && (pos + i + 1 == end || pos[i + 1] == '\0')) { + *pos_p = pos + i - buf; + break; + } else if (pos[i] == 0) + break; } } } else if (startcode == VOP_STARTCODE && nb_vop) { -- 2.19.2 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel