diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2018-05-27 21:59:58 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2018-05-30 02:42:10 +0200 |
| commit | a9dacdeea6168787a142209bd19fdd74aefc9dd6 (patch) | |
| tree | 849ed1e0c585f052733d9254db2c1be5277260da /libavcodec/qtrle.c | |
| parent | 53d6d4f266b50330a62cbfefdf16ca7b5f496b11 (diff) | |
avcodec/qtrle: Do not output duplicated frames on insufficient input
This improves performance and makes qtrle behave more similar to other decoders.
Libavcodec does generally not output known duplicated frames, instead the calling Application
can insert them as it needs.
Fixes: Timeout
Fixes: 6383/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QTRLE_fuzzer-6199846902956032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/qtrle.c')
| -rw-r--r-- | libavcodec/qtrle.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c index 1b0d2016b5..670690d0a4 100644 --- a/libavcodec/qtrle.c +++ b/libavcodec/qtrle.c @@ -433,12 +433,10 @@ static int qtrle_decode_frame(AVCodecContext *avctx, int ret; bytestream2_init(&s->g, avpkt->data, avpkt->size); - if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) - return ret; /* check if this frame is even supposed to change */ if (avpkt->size < 8) - goto done; + return avpkt->size; /* start after the chunk size */ bytestream2_seek(&s->g, 4, SEEK_SET); @@ -449,17 +447,20 @@ static int qtrle_decode_frame(AVCodecContext *avctx, /* if a header is present, fetch additional decoding parameters */ if (header & 0x0008) { if (avpkt->size < 14) - goto done; + return avpkt->size; start_line = bytestream2_get_be16(&s->g); bytestream2_skip(&s->g, 2); height = bytestream2_get_be16(&s->g); bytestream2_skip(&s->g, 2); if (height > s->avctx->height - start_line) - goto done; + return avpkt->size; } else { start_line = 0; height = s->avctx->height; } + if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) + return ret; + row_ptr = s->frame->linesize[0] * start_line; switch (avctx->bits_per_coded_sample) { @@ -520,7 +521,6 @@ static int qtrle_decode_frame(AVCodecContext *avctx, memcpy(s->frame->data[1], s->pal, AVPALETTE_SIZE); } -done: if ((ret = av_frame_ref(data, s->frame)) < 0) return ret; *got_frame = 1; |