From 9d3050d3e95e307ebc34a943484c7add838d1220 Mon Sep 17 00:00:00 2001
From: "Ronald S. Bultje" <rsbultje@gmail.com>
Date: Fri, 17 Feb 2012 16:57:00 -0800
Subject: wma: don't return 0 on invalid packets.

Return 0 means "please return the same data again", i.e. it causes an
infinite loop. Instead, return an error.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
---
 libavcodec/wmadec.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'libavcodec')

diff --git a/libavcodec/wmadec.c b/libavcodec/wmadec.c
index 41b2a8e7a7..b9fc21fd3e 100644
--- a/libavcodec/wmadec.c
+++ b/libavcodec/wmadec.c
@@ -817,8 +817,12 @@ static int wma_decode_superframe(AVCodecContext *avctx, void *data,
         s->last_superframe_len = 0;
         return 0;
     }
-    if (buf_size < s->block_align)
-        return 0;
+    if (buf_size < s->block_align) {
+        av_log(avctx, AV_LOG_ERROR,
+               "Input packet size too small (%d < %d)\n",
+               buf_size, s->block_align);
+        return AVERROR_INVALIDDATA;
+    }
     buf_size = s->block_align;
 
     init_get_bits(&s->gb, buf, buf_size*8);
-- 
cgit v1.2.3