From df1d84121ba0656abb8bcfcb72b2a0b44a59fdbc Mon Sep 17 00:00:00 2001 From: Dale Curtis Date: Thu, 14 Jun 2012 15:22:25 -0700 Subject: [PATCH 1/2] matroskadec: fix incorrect unsigned->signed conversion --- libavformat/matroskadec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 0680a6e744..deb272c2e3 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1924,7 +1924,7 @@ static int matroska_parse_block(MatroskaDemuxContext *matroska, uint8_t *data, } } else { MatroskaTrackEncoding *encodings = track->encodings.elem; - int pkt_size = lace_size[n]; + uint32_t pkt_size = lace_size[n]; uint8_t *pkt_data = data; if (pkt_size > size) { From c9a39cec70603f662f4c326b21b11c4f0112079a Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Fri, 14 Sep 2012 20:03:37 +0200 Subject: [PATCH 2/2] matroskadec: return meaningful errors in matroska_decode_buffer --- libavformat/matroskadec.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index deb272c2e3..27c962eab1 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -991,7 +991,7 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, int olen; if (pkt_size >= 10000000) - return -1; + return AVERROR_INVALIDDATA; switch (encodings[0].compression.algo) { case MATROSKA_TRACK_ENCODING_COMP_HEADERSTRIP: { @@ -1015,13 +1015,16 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, olen = pkt_size *= 3; newpktdata = av_realloc(pkt_data, pkt_size + AV_LZO_OUTPUT_PADDING); if (!newpktdata) { + result = AVERROR(ENOMEM); goto failed; } pkt_data = newpktdata; result = av_lzo1x_decode(pkt_data, &olen, data, &isize); } while (result==AV_LZO_OUTPUT_FULL && pkt_size<10000000); - if (result) + if (result) { + result = AVERROR_INVALIDDATA; goto failed; + } pkt_size -= olen; break; #if CONFIG_ZLIB @@ -1045,8 +1048,13 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, } while (result==Z_OK && pkt_size<10000000); pkt_size = zstream.total_out; inflateEnd(&zstream); - if (result != Z_STREAM_END) + if (result != Z_STREAM_END) { + if (result == Z_MEM_ERROR) + result = AVERROR(ENOMEM); + else + result = AVERROR_INVALIDDATA; goto failed; + } break; } #endif @@ -1071,13 +1079,18 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, } while (result==BZ_OK && pkt_size<10000000); pkt_size = bzstream.total_out_lo32; BZ2_bzDecompressEnd(&bzstream); - if (result != BZ_STREAM_END) + if (result != BZ_STREAM_END) { + if (result == BZ_MEM_ERROR) + result = AVERROR(ENOMEM); + else + result = AVERROR_INVALIDDATA; goto failed; + } break; } #endif default: - return -1; + return AVERROR_INVALIDDATA; } *buf = pkt_data; @@ -1085,7 +1098,7 @@ static int matroska_decode_buffer(uint8_t** buf, int* buf_size, return 0; failed: av_free(pkt_data); - return -1; + return result; } static void matroska_fix_ass_packet(MatroskaDemuxContext *matroska,