On 24/03/2017 18:36, Sean McGovern wrote:
> Fixes invalid reads with corrupted files.
>
> CC: libav-sta...@libav.org
> Bug-Id: 1039
> ---
> libavformat/nsvdec.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c
> index c91d2a1..924c869 100644
> --- a/libavformat/nsvdec.c
> +++ b/libavformat/nsvdec.c
> @@ -520,6 +520,7 @@ static int nsv_read_chunk(AVFormatContext *s, int
> fill_header)
> uint32_t vsize;
> uint16_t asize;
> uint16_t auxsize;
> + int ret;
>
> if (nsv->ahead[0].data || nsv->ahead[1].data)
> return 0; //-1; /* hey! eat what you've in your plate first! */
> @@ -571,7 +572,8 @@ null_chunk_retry:
> if (vsize && st[NSV_ST_VIDEO]) {
> nst = st[NSV_ST_VIDEO]->priv_data;
> pkt = &nsv->ahead[NSV_ST_VIDEO];
> - av_get_packet(pb, pkt, vsize);
> + if ((ret = av_get_packet(pb, pkt, vsize)) < 0)
> + return ret;
> pkt->stream_index = st[NSV_ST_VIDEO]->index;//NSV_ST_VIDEO;
> pkt->dts = nst->frame_offset;
> pkt->flags |= nsv->state == NSV_HAS_READ_NSVS ? AV_PKT_FLAG_KEY : 0;
> /* keyframe only likely on a sync frame */
> @@ -615,7 +617,8 @@ null_chunk_retry:
> bps, channels, samplerate);
> }
> }
> - av_get_packet(pb, pkt, asize);
> + if ((ret = av_get_packet(pb, pkt, asize)) < 0)
> + return ret;
> pkt->stream_index = st[NSV_ST_AUDIO]->index;//NSV_ST_AUDIO;
> pkt->flags |= nsv->state == NSV_HAS_READ_NSVS ? AV_PKT_FLAG_KEY : 0;
> /* keyframe only likely on a sync frame */
> if( nsv->state == NSV_HAS_READ_NSVS && st[NSV_ST_VIDEO] ) {
>
I like this one better as well. Mostly because you might have different
I/O errors not related to bogus dimension.
lu
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
