vp9: avoid infinite loop with broken files
authorwm4 <nfxjfg@googlemail.com>
Sat, 10 Jan 2015 17:00:08 +0000 (18:00 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Sat, 10 Jan 2015 19:12:36 +0000 (20:12 +0100)
With a certain fuzzed file, the parser will always return 0 consumed
bytes, which makes calling code call the parser infinitely. Return the
full packet size on error instead. (Here it would be nice if parsers
could return errors at all.)

Additionally, _if_ there's some data left, return that too, which might
help with somewhat broken but still somehow playable files.

Fixes ticket #4242.

Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/vp9_parser.c

index 922f36f3811baf0bfae97eeb4c4013ddff24ba83..b188785456b8df09331e74353e0fc1f418848747 100644 (file)
@@ -43,6 +43,7 @@ static int parse(AVCodecParserContext *ctx,
                  const uint8_t *data, int size)
 {
     VP9ParseContext *s = ctx->priv_data;
+    int full_size = size;
     int marker;
 
     if (size <= 0) {
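Review bot: The new `full_size` local is only meaningful together with the error path deep inside the superframe macro, and nothing at the declaration says why the function now carries both it and `size`; a one-line comment would spare the next reader that trip. Suggest `int full_size = size; /* packet size as passed in; the error path returns it so the caller always consumes the packet and cannot loop re-parsing it */`. The body of parse() continues beyond this hunk.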
@@ -77,12 +78,12 @@ static int parse(AVCodecParserContext *ctx,
                     idx += a; \
                     if (sz > size) { \
                         s->n_frames = 0; \
-                        *out_size = 0; \
+                        *out_size = size; \
                         *out_data = data; \
                         av_log(avctx, AV_LOG_ERROR, \
                                "Superframe packet size too big: %u > %d\n", \
                                sz, size); \
-                        return size; \
+                        return full_size; \
                     } \
                     if (first) { \
                         first = 0; \
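Review bot: The rewritten error path now forwards the remaining bytes to the decoder as a frame (`*out_size = size; *out_data = data;`) even though the superframe index just claimed `sz > size` bytes for it, so the decoder is handed a deliberately truncated frame and must bound its own reads by the real packet length rather than by the index; whether it does is not visible from this hunk and is worth confirming. Since a reader could easily mistake the leniency for a bug, document it at the two changed lines, e.g. `*out_size = size; /* pass on whatever is left (possibly a truncated frame) rather than dropping it */` and `return full_size; /* consume the whole packet so the caller makes progress instead of re-parsing forever */`. The enclosing macro and parse() body both extend outside the hunk.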