mlp_parser: Fix infinite loop with 0 bytes_left.
authorMichael Niedermayer <michaelni@gmx.at>
Thu, 29 Dec 2011 20:26:30 +0000 (21:26 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Tue, 3 Jan 2012 21:43:02 +0000 (22:43 +0100)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e146ad95d79b1a6e6b9e566366b832825c79679f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/mlp_parser.c

index 4ceea5e..f31e2d5 100644 (file)
@@ -263,6 +263,9 @@ static int mlp_parse(AVCodecParserContext *s,
         mp->bytes_left = ((mp->pc.index > 0 ? mp->pc.buffer[0] : buf[0]) << 8)
                        |  (mp->pc.index > 1 ? mp->pc.buffer[1] : buf[1-mp->pc.index]);
         mp->bytes_left = (mp->bytes_left & 0xfff) * 2;
+        if (mp->bytes_left <= 0) { // prevent infinite loop
+            goto lost_sync;
+        }
         mp->bytes_left -= mp->pc.index;
     }