The parser must always set the out_size and out_data pointers. The API
seems to require it, and the common code in parser.c also relies on it.
---
Found with a fuzzed file provided by someone else.
---
libavcodec/vp9_parser.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/vp9_parser.c b/libavcodec/vp9_parser.c
index af033c2..922f36f 100644
--- a/libavcodec/vp9_parser.c
+++ b/libavcodec/vp9_parser.c
@@ -77,6 +77,8 @@ static int parse(AVCodecParserContext *ctx,
idx += a; \
if (sz > size) { \
s->n_frames = 0; \
+ *out_size = 0; \
+ *out_data = data; \
av_log(avctx, AV_LOG_ERROR, \
"Superframe packet size too big: %u > %d\n", \
sz, size); \
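Review bot: The two added assignments cover only this `sz > size` branch of the macro body, so any other early exit of parse() that leaves `*out_size` or `*out_data` unset would still hand the common code in parser.c stale values; those paths are not visible in this hunk and should be checked. Because the superframe index comes from untrusted input, it would be more robust to set the defaults once at the top of parse(), e.g. `*out_data = data; *out_size = 0;`, and let the success paths overwrite them. If the per-branch form is kept, a short comment above the assignments such as `/* parser contract: outputs must be set on every return path */ \` would record why they are there. Both the macro and parse() start and end outside the hunk.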
--
2.1.4