avcodec/flac_parser: Fix infinite loop

Fixes: crbug/827204
Reported-by: Frank Liberato <liberato@google.com>
Reviewed-by: Frank Liberato <liberato@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/flac_parser.c b/libavcodec/flac_parser.c
index 84da23f327e1f3bb80de6d945d7676085ae5d6aa..2721286464d83de25c085f3760b0d31da1b65c0b 100644 (file)
--- a/libavcodec/flac_parser.c
+++ b/libavcodec/flac_parser.c
@@ -686,12 +686,17 @@ static int flac_parse(AVCodecParserContext *s, AVCodecContext *avctx,
     }
 
     for (curr = fpc->headers; curr; curr = curr->next) {
-        if (curr->max_score > 0 &&
-            (!fpc->best_header || curr->max_score > fpc->best_header->max_score)) {
+        if (!fpc->best_header || curr->max_score > fpc->best_header->max_score) {
             fpc->best_header = curr;
         }
     }
 
+    if (fpc->best_header && fpc->best_header->max_score <= 0) {
+        // Only accept a bad header if there is no other option to continue
+        if (!buf_size || !buf || read_end != buf || fpc->nb_headers_buffered < FLAC_MIN_HEADERS)
+            fpc->best_header = NULL;
+    }
+
     if (fpc->best_header) {
         fpc->best_header_valid = 1;
         if (fpc->best_header->offset > 0) {