Fix infinite loop by skipping unexpected start codes in MPEG-2 parsing (Issue #1754)

tusharbhatt7 · tusharbhatt7 · commit 72cbc7dc9e4c · 2025-12-25T22:44:46.000+05:30
diff --git a/src/lib_ccx/es_functions.c b/src/lib_ccx/es_functions.c
@@ -324,6 +324,7 @@ static int es_video_sequence(struct encoder_ctx *enc_ctx, struct lib_cc_decode *
 		else
 		{
 			mprint("\nUnexpected startcode: %02X\n", startcode);
+			skip_u32(esstream);
 		}
 		dec_ctx->no_bitstream_error = 0;
 		return 0;
diff --git a/src/lib_ccx/general_loop.c b/src/lib_ccx/general_loop.c
@@ -1029,6 +1029,13 @@ int process_non_multiprogram_general_loop(struct lib_ccx_ctx *ctx,
 					}
 				}
 				size_t got = process_m2v(*enc_ctx, dec_ctx_video, data_node_video->buffer, data_node_video->len, dec_sub_video);
+				if (got == 0 && data_node_video->len >= 1048576)
+				{
+					// Prevent infinite loop if decoder consumes nothing from a very large buffer (1MB)
+					// This handles cases where process_m2v returns 0 (error or no progress) but buffer is full
+					// We use a large threshold to ensure we don't discard valid video data that is just waiting for more bytes.
+					got = data_node_video->len;
+				}
 				if (got > 0)
 				{
 					memmove(data_node_video->buffer, data_node_video->buffer + got, (size_t)(data_node_video->len - got));

Original file line number	Diff line number	Diff line change
`@@ -324,6 +324,7 @@ static int es_video_sequence(struct encoder_ctx enc_ctx, struct lib_cc_decode `
`324`	`324`	`else`
`325`	`325`	`{`
`326`	`326`	`mprint("\nUnexpected startcode: %02X\n", startcode);`
	`327`	`+ skip_u32(esstream);`
`327`	`328`	`}`
`328`	`329`	`dec_ctx->no_bitstream_error = 0;`
`329`	`330`	`return 0;`
Original file line number	Diff line number	Diff line change
`@@ -1029,6 +1029,13 @@ int process_non_multiprogram_general_loop(struct lib_ccx_ctx *ctx,`
`1029`	`1029`	`}`
`1030`	`1030`	`}`
`1031`	`1031`	`size_t got = process_m2v(*enc_ctx, dec_ctx_video, data_node_video->buffer, data_node_video->len, dec_sub_video);`
	`1032`	`+ if (got == 0 && data_node_video->len >= 1048576)`
	`1033`	`+ {`
	`1034`	`+ // Prevent infinite loop if decoder consumes nothing from a very large buffer (1MB)`
	`1035`	`+ // This handles cases where process_m2v returns 0 (error or no progress) but buffer is full`
	`1036`	`+ // We use a large threshold to ensure we don't discard valid video data that is just waiting for more bytes.`
	`1037`	`+ got = data_node_video->len;`
	`1038`	`+ }`
`1032`	`1039`	`if (got > 0)`
`1033`	`1040`	`{`
`1034`	`1041`	`memmove(data_node_video->buffer, data_node_video->buffer + got, (size_t)(data_node_video->len - got));`