On 24/03/2017 18:36, Sean McGovern wrote: > Fixes invalid reads with corrupted files. > > CC: libav-sta...@libav.org > Bug-Id: 1039 > --- > libavformat/nsvdec.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c > index c91d2a1..924c869 100644 > --- a/libavformat/nsvdec.c > +++ b/libavformat/nsvdec.c > @@ -520,6 +520,7 @@ static int nsv_read_chunk(AVFormatContext *s, int > fill_header) > uint32_t vsize; > uint16_t asize; > uint16_t auxsize; > + int ret; > > if (nsv->ahead[0].data || nsv->ahead[1].data) > return 0; //-1; /* hey! eat what you've in your plate first! */ > @@ -571,7 +572,8 @@ null_chunk_retry: > if (vsize && st[NSV_ST_VIDEO]) { > nst = st[NSV_ST_VIDEO]->priv_data; > pkt = &nsv->ahead[NSV_ST_VIDEO]; > - av_get_packet(pb, pkt, vsize); > + if ((ret = av_get_packet(pb, pkt, vsize)) < 0) > + return ret; > pkt->stream_index = st[NSV_ST_VIDEO]->index;//NSV_ST_VIDEO; > pkt->dts = nst->frame_offset; > pkt->flags |= nsv->state == NSV_HAS_READ_NSVS ? AV_PKT_FLAG_KEY : 0; > /* keyframe only likely on a sync frame */ > @@ -615,7 +617,8 @@ null_chunk_retry: > bps, channels, samplerate); > } > } > - av_get_packet(pb, pkt, asize); > + if ((ret = av_get_packet(pb, pkt, asize)) < 0) > + return ret; > pkt->stream_index = st[NSV_ST_AUDIO]->index;//NSV_ST_AUDIO; > pkt->flags |= nsv->state == NSV_HAS_READ_NSVS ? AV_PKT_FLAG_KEY : 0; > /* keyframe only likely on a sync frame */ > if( nsv->state == NSV_HAS_READ_NSVS && st[NSV_ST_VIDEO] ) { >
I like this one better as well. Mostly because you might have different I/O errors not related to bogus dimension. lu _______________________________________________ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel