From 1809f1cda9563ff4451203e0c852afe12f684b80 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Jul 2018 13:02:19 +0200 Subject: [PATCH] avcodec/dvbsub_parser: Do not discard data May fix: oss fuzz issue 9220 Signed-off-by: Michael Niedermayer --- libavcodec/dvbsub_parser.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/libavcodec/dvbsub_parser.c b/libavcodec/dvbsub_parser.c index e77b9655cc..8ced3c4c34 100644 --- a/libavcodec/dvbsub_parser.c +++ b/libavcodec/dvbsub_parser.c @@ -57,6 +57,7 @@ static int dvbsub_parse(AVCodecParserContext *s, DVBSubParseContext *pc = s->priv_data; uint8_t *p, *p_end; int i, len, buf_pos = 0; + int out_size = 0; ff_dlog(avctx, "DVB parse packet pts=%"PRIx64", lpts=%"PRIx64", cpts=%"PRIx64":\n", s->pts, s->last_pts, s->cur_frame_pts[s->cur_frame_start_index]); @@ -71,8 +72,8 @@ static int dvbsub_parse(AVCodecParserContext *s, if (i % 16 != 0) ff_dlog(avctx, "\n"); - *poutbuf = NULL; - *poutbuf_size = 0; + *poutbuf = buf; + *poutbuf_size = buf_size; s->fetch_timestamp = 1; @@ -89,7 +90,7 @@ static int dvbsub_parse(AVCodecParserContext *s, if (buf_size < 2 || buf[0] != 0x20 || buf[1] != 0x00) { ff_dlog(avctx, "Bad packet header\n"); - return -1; + return buf_size; } buf_pos = 2; @@ -113,9 +114,9 @@ static int dvbsub_parse(AVCodecParserContext *s, } if (buf_size - buf_pos + pc->packet_index > PARSE_BUF_SIZE) - return -1; + return buf_size; -/* if not currently in a packet, discard data */ +/* if not currently in a packet, pass data */ if (pc->in_packet == 0) return buf_size; @@ -135,7 +136,7 @@ static int dvbsub_parse(AVCodecParserContext *s, if (len + 6 <= p_end - p) { - *poutbuf_size += len + 6; + out_size += len + 6; p += len + 6; } else @@ -159,9 +160,10 @@ static int dvbsub_parse(AVCodecParserContext *s, } } - if (*poutbuf_size > 0) + if (out_size > 0) { *poutbuf = pc->packet_buf; + *poutbuf_size = out_size; pc->packet_start = *poutbuf_size; }