vp9_parser: fix endless loop w/0-sized frame

treat this the same as an over-sized superframe packet to break out of
the parser loop and allow the decoder to fail.

Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: James Zern <jzern@google.com>

diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
index f1f7e35..0437097 100644 (file)
--- a/libavcodec/vp9_parser.c
+++ b/libavcodec/vp9_parser.c
@@ -111,12 +111,12 @@ static int parse(AVCodecParserContext *ctx,
                 while (n_frames--) { \
                     unsigned sz = rd; \
                     idx += a; \
-                    if (sz > size) { \
+                    if (sz == 0 || sz > size) { \
                         s->n_frames = 0; \
                         *out_size = size; \
                         *out_data = data; \
                         av_log(avctx, AV_LOG_ERROR, \
-                               "Superframe packet size too big: %u > %d\n", \
+                               "Invalid superframe packet size: %u frame size: %d\n", \
                                sz, size); \
                         return full_size; \
                     } \