From 5e053a40053120101a74f919cb55942a723e6808 Mon Sep 17 00:00:00 2001
From: Martin Storsjo
Date: Tue, 15 Aug 2017 16:36:05 +0300
Subject: [PATCH] Feed more input data when necessary for ADTS
This fixes cases where an ADTS header could set numberOfRawDataBlocks to a number larger than 1, which would lead to transportDec_FillData not feeding any more data, even though the input buffer was depleted.
Fixes: 3014/clusterfuzz-testcase-5425740193464320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
---
 libMpegTPDec/src/tpdec_lib.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libMpegTPDec/src/tpdec_lib.cpp b/libMpegTPDec/src/tpdec_lib.cpp
index 1d8b7b3..a9d3e2c 100644
--- a/libMpegTPDec/src/tpdec_lib.cpp
+++ b/libMpegTPDec/src/tpdec_lib.cpp
@@ -665,7 +665,7 @@ TRANSPORTDEC_ERROR transportDec_FillData(const HANDLE_TRANSPORTDEC hTp,
 return TRANSPORTDEC_OK;
 }
- if (hTp->numberOfRawDataBlocks <= 0) {
+ if (hTp->numberOfRawDataBlocks <= 0 || FDKgetValidBits(hBs) == 0) {
 FDKfeedBuffer(hBs, pBuffer, bufferSize, pBytesValid);
 }
 }
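Review bot: The added `FDKgetValidBits(hBs) == 0` test covers only a completely drained bitstream. If an ADTS header declares more raw data blocks than the buffered data holds and a few residual bits remain, `numberOfRawDataBlocks` stays positive and `FDKfeedBuffer` is still skipped. Whether that state is reachable depends on how the block counter is decremented and reset outside this hunk, so it is worth confirming that whatever reads the remaining blocks checks the valid-bit count first. Because the counter comes from untrusted stream data, a short comment above the condition would help, e.g. `/* numberOfRawDataBlocks comes from the ADTS header and may overstate the buffered data; refill when the bitstream is empty */`. The body of transportDec_FillData begins outside the hunk.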