avcodec/ffv1dec: Check for 0 quant tables

[ffmpeg] / libavcodec / ffv1dec.c

diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index a8d5e33da9c3f43ce6ed71a3c9e8f94dfb13d8fc..367d8c7b95b62fbb141b65f3d72a486a10ce38f9 100644 (file)
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -408,6 +408,7 @@ static int decode_slice(AVCodecContext *c, void *arg)
         if (ff_ffv1_init_slice_state(f, fs) < 0)
             return AVERROR(ENOMEM);
         if (decode_slice_header(f, fs) < 0) {
+            fs->slice_x = fs->slice_y = fs->slice_height = fs->slice_width = 0;
             fs->slice_damaged = 1;
             return AVERROR_INVALIDDATA;
         }
@@ -568,7 +569,7 @@ static int read_extra_header(FFV1Context *f)
     }
 
     f->quant_table_count = get_symbol(c, state, 0);
-    if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES)
+    if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES || !f->quant_table_count)
         return AVERROR_INVALIDDATA;
 
     for (i = 0; i < f->quant_table_count; i++) {
@@ -939,6 +940,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac
         else                     v = buf_p - c->bytestream_start;
         if (buf_p - c->bytestream_start < v) {
             av_log(avctx, AV_LOG_ERROR, "Slice pointer chain broken\n");
+            ff_thread_report_progress(&f->picture, INT_MAX, 0);
             return AVERROR_INVALIDDATA;
         }
         buf_p -= v;