From f0efd795f460aa64d06bb542c6eadd113c2585c2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 10 Sep 2017 01:32:52 +0200 Subject: [PATCH] avcodec/clearvideo: Only output a frame if one is coded in the packet Fixes: Timeout (183 ms instead of about 20 sec) Fixes: 3147/clusterfuzz-testcase-4870592182353920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/clearvideo.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/libavcodec/clearvideo.c b/libavcodec/clearvideo.c index a9fa0228bd..067942a131 100644 --- a/libavcodec/clearvideo.c +++ b/libavcodec/clearvideo.c @@ -290,11 +290,6 @@ static int clv_decode_frame(AVCodecContext *avctx, void *data, } frame_type = bytestream2_get_byte(&gb); - if ((ret = ff_reget_buffer(avctx, c->pic)) < 0) - return ret; - - c->pic->key_frame = frame_type & 0x20 ? 1 : 0; - c->pic->pict_type = frame_type & 0x20 ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P; if (frame_type & 0x2) { if (buf_size < c->mb_width * c->mb_height) { @@ -302,6 +297,12 @@ static int clv_decode_frame(AVCodecContext *avctx, void *data, return AVERROR_INVALIDDATA; } + if ((ret = ff_reget_buffer(avctx, c->pic)) < 0) + return ret; + + c->pic->key_frame = frame_type & 0x20 ? 1 : 0; + c->pic->pict_type = frame_type & 0x20 ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P; + bytestream2_get_be32(&gb); // frame size; c->ac_quant = bytestream2_get_byte(&gb); c->luma_dc_quant = 32; @@ -323,13 +324,13 @@ static int clv_decode_frame(AVCodecContext *avctx, void *data, mb_ret = ret; } } - } else { - } - if ((ret = av_frame_ref(data, c->pic)) < 0) - return ret; + if ((ret = av_frame_ref(data, c->pic)) < 0) + return ret; - *got_frame = 1; + *got_frame = 1; + } else { + } return mb_ret < 0 ? mb_ret : buf_size; }