diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2012-12-17 00:48:33 +0100 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2012-12-17 01:08:19 +0100 |
commit | 7973a07590f2b376b5453c4553bec97a800182ab (patch) | |
tree | 2277802fd1d53a8e41b081df1a01457d13df8176 | |
parent | 55b243cade7291e48eac430a86be6b48be87c4b5 (diff) | |
download | ffmpeg-7973a07590f2b376b5453c4553bec97a800182ab.tar.gz |
h264: Improve first slice and slice type checks
This prevents a null pointer dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r-- | libavcodec/h264.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 1419f57c34..86e77567d3 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3790,6 +3790,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size) int nals_needed = 0; ///< number of NALs that need decoding before the next frame thread starts int nal_index; int idr_cleared=0; + int first_slice = 0; h->nal_unit_type= 0; @@ -3900,12 +3901,22 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size) case NAL_IDR_SLICE: case NAL_SLICE: init_get_bits(&hx->s.gb, ptr, bit_length); - if (!get_ue_golomb(&hx->s.gb)) + if (!get_ue_golomb(&hx->s.gb) || !first_slice) nals_needed = nal_index; + if (!first_slice) + first_slice = hx->nal_unit_type; } continue; } + if (!first_slice) + switch (hx->nal_unit_type) { + case NAL_DPA: + case NAL_IDR_SLICE: + case NAL_SLICE: + first_slice = hx->nal_unit_type; + } + // FIXME do not discard SEI id if (avctx->skip_frame >= AVDISCARD_NONREF && h->nal_ref_idc == 0) continue; @@ -3928,7 +3939,7 @@ again: switch (hx->nal_unit_type) { case NAL_IDR_SLICE: - if (h->nal_unit_type != NAL_IDR_SLICE) { + if (first_slice != NAL_IDR_SLICE) { av_log(h->s.avctx, AV_LOG_ERROR, "Invalid mix of idr and non-idr slices\n"); buf_index = -1; |