xenia-project/FFmpeg
1
0
Fork 0
mirror of https://github.com/xenia-project/FFmpeg.git synced 2024-11-24 20:19:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

pngdec: return correct error code from decode_frame_common

Browse Source 
During the loop ret can get changed. Since it is not set on all failure
paths, decode_frame_common can return 0 even though an error occurred.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Andreas Cadhalpun 2015-05-03 17:50:26 +02:00 committed by Michael Niedermayer
parent 287dbb0771
commit 8f760be4d3
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
libavcodec/pngdec.c
View File

@ -968,7 +968,7 @@ static int decode_frame_common(AVCodecContext *avctx, PNGDecContext *s,
AVDictionary *metadata = NULL; AVDictionary *metadata = NULL;
uint32_t tag, length; uint32_t tag, length;
int decode_next_dat = 0; int decode_next_dat = 0;
int ret = AVERROR_INVALIDDATA; int ret;
AVFrame *ref; AVFrame *ref;
for (;;) { for (;;) {
@ -984,12 +984,14 @@ static int decode_frame_common(AVCodecContext *avctx, PNGDecContext *s,
if ( s->state & PNG_ALLIMAGE if ( s->state & PNG_ALLIMAGE
&& avctx->strict_std_compliance <= FF_COMPLIANCE_NORMAL) && avctx->strict_std_compliance <= FF_COMPLIANCE_NORMAL)
goto exit_loop; goto exit_loop;
ret = AVERROR_INVALIDDATA;
goto fail; goto fail;
} }
length = bytestream2_get_be32(&s->gb); length = bytestream2_get_be32(&s->gb);
if (length > 0x7fffffff || length > bytestream2_get_bytes_left(&s->gb)) { if (length > 0x7fffffff || length > bytestream2_get_bytes_left(&s->gb)) {
av_log(avctx, AV_LOG_ERROR, "chunk too big\n"); av_log(avctx, AV_LOG_ERROR, "chunk too big\n");
ret = AVERROR_INVALIDDATA;
goto fail; goto fail;
} }
tag = bytestream2_get_le32(&s->gb); tag = bytestream2_get_le32(&s->gb);
@ -1001,11 +1003,11 @@ static int decode_frame_common(AVCodecContext *avctx, PNGDecContext *s,
((tag >> 24) & 0xff), length); ((tag >> 24) & 0xff), length);
switch (tag) { switch (tag) {
case MKTAG('I', 'H', 'D', 'R'): case MKTAG('I', 'H', 'D', 'R'):
if (decode_ihdr_chunk(avctx, s, length) < 0) if ((ret = decode_ihdr_chunk(avctx, s, length)) < 0)
goto fail; goto fail;
break; break;
case MKTAG('p', 'H', 'Y', 's'): case MKTAG('p', 'H', 'Y', 's'):
if (decode_phys_chunk(avctx, s) < 0) if ((ret = decode_phys_chunk(avctx, s)) < 0)
goto fail; goto fail;
break; break;
case MKTAG('f', 'c', 'T', 'L'): case MKTAG('f', 'c', 'T', 'L'):
@ -1018,15 +1020,17 @@ static int decode_frame_common(AVCodecContext *avctx, PNGDecContext *s,
case MKTAG('f', 'd', 'A', 'T'): case MKTAG('f', 'd', 'A', 'T'):
if (!CONFIG_APNG_DECODER || avctx->codec_id != AV_CODEC_ID_APNG) if (!CONFIG_APNG_DECODER || avctx->codec_id != AV_CODEC_ID_APNG)
goto skip_tag; goto skip_tag;
if (!decode_next_dat) if (!decode_next_dat) {
ret = AVERROR_INVALIDDATA;
goto fail; goto fail;
}
bytestream2_get_be32(&s->gb); bytestream2_get_be32(&s->gb);
length -= 4; length -= 4;
/* fallthrough */ /* fallthrough */
case MKTAG('I', 'D', 'A', 'T'): case MKTAG('I', 'D', 'A', 'T'):
if (CONFIG_APNG_DECODER && avctx->codec_id == AV_CODEC_ID_APNG && !decode_next_dat) if (CONFIG_APNG_DECODER && avctx->codec_id == AV_CODEC_ID_APNG && !decode_next_dat)
goto skip_tag; goto skip_tag;
if (decode_idat_chunk(avctx, s, length, p) < 0) if ((ret = decode_idat_chunk(avctx, s, length, p)) < 0)
goto fail; goto fail;
break; break;
case MKTAG('P', 'L', 'T', 'E'): case MKTAG('P', 'L', 'T', 'E'):
@ -1051,6 +1055,7 @@ static int decode_frame_common(AVCodecContext *avctx, PNGDecContext *s,
if (!(s->state & PNG_ALLIMAGE)) if (!(s->state & PNG_ALLIMAGE))
av_log(avctx, AV_LOG_ERROR, "IEND without all image\n"); av_log(avctx, AV_LOG_ERROR, "IEND without all image\n");
if (!(s->state & (PNG_ALLIMAGE|PNG_IDAT))) { if (!(s->state & (PNG_ALLIMAGE|PNG_IDAT))) {
ret = AVERROR_INVALIDDATA;
goto fail; goto fail;
} }
bytestream2_skip(&s->gb, 4); /* crc */ bytestream2_skip(&s->gb, 4); /* crc */