From d20ef30f534151ce749b064034c339562724cc34 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Date: Thu, 28 May 2020 15:53:56 +0200
Subject: [PATCH] avcodec/vp9_superframe_split_bsf: Discard invalid zero-sized
 frames

They are invalid in VP9. If any of the frames inside a superframe
had a size of zero, the code would either read into the next frame
or into the superframe index; so check for the length to stop this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavcodec/vp9_superframe_split_bsf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/vp9_superframe_split_bsf.c b/libavcodec/vp9_superframe_split_bsf.c
index 2a068a6898..98f5cc83d0 100644
--- a/libavcodec/vp9_superframe_split_bsf.c
+++ b/libavcodec/vp9_superframe_split_bsf.c
@@ -70,7 +70,7 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out)
                         frame_size |= bytestream2_get_byte(&bc) << (j * 8);
 
                     total_size += frame_size;
-                    if (frame_size < 0 || total_size > in->size - idx_size) {
+                    if (frame_size <= 0 || total_size > in->size - idx_size) {
                         av_log(ctx, AV_LOG_ERROR,
                                "Invalid frame size in a superframe: %d\n", frame_size);
                         ret = AVERROR(EINVAL);