From: James Zern <jzern@google.com>
Date: Fri, 16 Oct 2015 22:28:55 +0000 (-0700)
Subject: vp9_parser: fix endless loop w/0-sized frame
X-Git-Tag: android-x86-7.1-r1~8411
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=7b4367d93ea2a34baeab2c734630df5e0f11d4c1;p=android-x86%2Fexternal-ffmpeg.git

vp9_parser: fix endless loop w/0-sized frame

treat this the same as an over-sized superframe packet to break out of
the parser loop and allow the decoder to fail.

Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: James Zern <jzern@google.com>
---

diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
index f1f7e350d2..0437097391 100644
--- a/libavcodec/vp9_parser.c
+++ b/libavcodec/vp9_parser.c
@@ -111,12 +111,12 @@ static int parse(AVCodecParserContext *ctx,
                 while (n_frames--) { \
                     unsigned sz = rd; \
                     idx += a; \
-                    if (sz > size) { \
+                    if (sz == 0 || sz > size) { \
                         s->n_frames = 0; \
                         *out_size = size; \
                         *out_data = data; \
                         av_log(avctx, AV_LOG_ERROR, \
-                               "Superframe packet size too big: %u > %d\n", \
+                               "Invalid superframe packet size: %u frame size: %d\n", \
                                sz, size); \
                         return full_size; \
                     } \