h264: avoid stuck buffer pointer in decode_nal_units

When decode_nal_units() previously encountered a NAL_END_SEQUENCE, and there are some junk bytes left in the input buffer, but no start codes, buf_index gets stuck 3 bytes before the end of the buffer. This can trigger an infinite loop in the caller code, eg. in try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes, with 3 bytes of the input packet still available. With this change, the remaining bytes are skipped so the whole packet gets consumed. CC:libav-stable@libav.org Signed-off-by: Jindřich Makovička <makovick@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net>
author: Jindřich Makovička <makovick@gmail.com> 2012-09-29 11:16:45 +0200
committer: Anton Khirnov <anton@khirnov.net> 2012-09-29 19:31:17 +0200
commit: 1a8c6917f68f7378465e18f7615762bfd22704c2 (patch)
tree: 95fefb1dcfc3c6b00157121c612e07d246e96fd2
parent: 0f583d20d5ddcab34d8af76a597d5d6f1f19fece (diff)
download: ffmpeg-1a8c6917f68f7378465e18f7615762bfd22704c2.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 99cf5dc9f3..5de7f104ca 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -3694,8 +3694,10 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size)
                         buf[buf_index + 2] == 1)
                         break;
 
-                if (buf_index + 3 >= buf_size)
+                if (buf_index + 3 >= buf_size) {
+                    buf_index = buf_size;
                     break;
+                }
 
                 buf_index += 3;
                 if (buf_index >= next_avc)
author	Jindřich Makovička <makovick@gmail.com>	2012-09-29 11:16:45 +0200
committer	Anton Khirnov <anton@khirnov.net>	2012-09-29 19:31:17 +0200
commit	1a8c6917f68f7378465e18f7615762bfd22704c2 (patch)
tree	95fefb1dcfc3c6b00157121c612e07d246e96fd2
parent	0f583d20d5ddcab34d8af76a597d5d6f1f19fece (diff)
download	ffmpeg-1a8c6917f68f7378465e18f7615762bfd22704c2.tar.gz