Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/FFmpeg/FFmpeg.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/libavcodec/mpeg4videodec.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2018-04-29 22:19:14 +0300
committerMichael Niedermayer <michael@niedermayer.cc>2018-05-03 18:33:51 +0300
commite03bf251d8784f4d1df2c22381c902087e151e31 (patch)
tree1fefde10d5fb5b68acd44fcdbc527e932d99193b /libavcodec/mpeg4videodec.c
parent5abcf45d752df0a3f654833272eb0d7aae34d431 (diff)
avcodec/mpeg4videodec: Move decode_studiovisualobject() parsing in the branch for visual object parsing
Fixes: runtime error: shift exponent -1 is negative Fixes: 7510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5024523356209152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/mpeg4videodec.c')
-rw-r--r--libavcodec/mpeg4videodec.c15
1 files changed, 5 insertions, 10 deletions
diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index 32eb3d1ca8..27602e8542 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -2982,14 +2982,9 @@ static int decode_studio_vop_header(Mpeg4DecContext *ctx, GetBitContext *gb)
static int decode_studiovisualobject(Mpeg4DecContext *ctx, GetBitContext *gb)
{
- uint32_t startcode;
MpegEncContext *s = &ctx->m;
int visual_object_type, width, height;
- startcode = get_bits_long(gb, 32);
-
- /* StudioVisualObject() */
- if (startcode == VISUAL_OBJ_STARTCODE) {
skip_bits(gb, 4); /* visual_object_verid */
visual_object_type = get_bits(gb, 4);
@@ -3069,7 +3064,6 @@ static int decode_studiovisualobject(Mpeg4DecContext *ctx, GetBitContext *gb)
next_start_code_studio(gb);
extension_and_user_data(s, gb, 2);
}
- }
return 0;
}
@@ -3192,13 +3186,14 @@ int ff_mpeg4_decode_picture_header(Mpeg4DecContext *ctx, GetBitContext *gb)
s->studio_profile = 1;
next_start_code_studio(gb);
extension_and_user_data(s, gb, 0);
-
+ }
+ } else if (startcode == VISUAL_OBJ_STARTCODE) {
+ if (s->studio_profile) {
if ((ret = decode_studiovisualobject(ctx, gb)) < 0)
return ret;
break;
- }
- } else if (startcode == VISUAL_OBJ_STARTCODE) {
- mpeg4_decode_visual_object(s, gb);
+ } else
+ mpeg4_decode_visual_object(s, gb);
} else if (startcode == VOP_STARTCODE) {
break;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-21 16:26:43 +0300