wma: don't return 0 on invalid packets.

Return 0 means "please return the same data again", i.e. it causes an
infinite loop. Instead, return an error.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

diff --git a/libavcodec/wmadec.c b/libavcodec/wmadec.c
index 41b2a8e7a7bc072ece419109a6fb490fdb1461d3..b9fc21fd3e698834f81659384fe4d9163ae3fa7d 100644 (file)
--- a/libavcodec/wmadec.c
+++ b/libavcodec/wmadec.c
@@ -817,8 +817,12 @@ static int wma_decode_superframe(AVCodecContext *avctx, void *data,
         s->last_superframe_len = 0;
         return 0;
     }
-    if (buf_size < s->block_align)
-        return 0;
+    if (buf_size < s->block_align) {
+        av_log(avctx, AV_LOG_ERROR,
+               "Input packet size too small (%d < %d)\n",
+               buf_size, s->block_align);
+        return AVERROR_INVALIDDATA;
+    }
     buf_size = s->block_align;
 
     init_get_bits(&s->gb, buf, buf_size*8);