diff options
| author | Anton Khirnov <[email protected]> | 2013-11-28 10:54:35 +0100 |
|---|---|---|
| committer | Reinhard Tartler <[email protected]> | 2014-05-31 20:05:18 -0400 |
| commit | 3ee26080d6b3e777992b4b4124e62e1bf0ac0a65 (patch) | |
| tree | 1955d2978fc4cdaf6e28444e98cea81331301e4e | |
| parent | e0d8a17402b934b8fba7b86c6c990abf1257901b (diff) | |
h264: reset data_partitioning if decoding the slice header for NAL_DPA fails
If it was set before then we can end up trying to decode a slice without
a valid slice header, which can lead to invalid memory access.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:[email protected]
| -rw-r--r-- | libavcodec/h264.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c index f021e59713..886fc047fb 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -4013,8 +4013,13 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ hx->intra_gb_ptr= hx->inter_gb_ptr= NULL; - if ((err = decode_slice_header(hx, h)) < 0) + if ((err = decode_slice_header(hx, h)) < 0) { + /* make sure data_partitioning is cleared if it was set + * before, so we don't try decoding a slice without a valid + * slice header later */ + s->data_partitioning = 0; break; + } hx->s.data_partitioning = 1; |