h264: reset data_partitioning if decoding the slice header for NAL_DPA fails

If it was set before then we can end up trying to decode a slice without a valid slice header, which can lead to invalid memory access. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org
author: Anton Khirnov <anton@khirnov.net> 2013-11-28 10:54:35 +0100
committer: Anton Khirnov <anton@khirnov.net> 2014-01-03 16:42:02 +0100
commit: 58312b2472d3a44d7458865c459d59ef2e02bf1a (patch)
tree: 54da3fa4d72d31d87c128463b2464f36bbaaede2
parent: e89aa4bf56e5b5c45f569eb12733519789e057da (diff)
download: ffmpeg-58312b2472d3a44d7458865c459d59ef2e02bf1a.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index f610d71310..3aa3af0a64 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -4725,8 +4725,13 @@ again:
                 hx->intra_gb_ptr =
                 hx->inter_gb_ptr = NULL;
 
-                if ((err = decode_slice_header(hx, h)) < 0)
+                if ((err = decode_slice_header(hx, h)) < 0) {
+                    /* make sure data_partitioning is cleared if it was set
+                     * before, so we don't try decoding a slice without a valid
+                     * slice header later */
+                    h->data_partitioning = 0;
                     break;
+                }
 
                 hx->data_partitioning = 1;
                 break;
author	Anton Khirnov <anton@khirnov.net>	2013-11-28 10:54:35 +0100
committer	Anton Khirnov <anton@khirnov.net>	2014-01-03 16:42:02 +0100
commit	58312b2472d3a44d7458865c459d59ef2e02bf1a (patch)
tree	54da3fa4d72d31d87c128463b2464f36bbaaede2
parent	e89aa4bf56e5b5c45f569eb12733519789e057da (diff)
download	ffmpeg-58312b2472d3a44d7458865c459d59ef2e02bf1a.tar.gz