diff options
| author | Anton Khirnov <anton@khirnov.net> | 2016-12-18 11:29:25 +0100 |
|---|---|---|
| committer | Anton Khirnov <anton@khirnov.net> | 2016-12-19 08:15:58 +0100 |
| commit | 45286a625c6ced1f5c4c842244cbb4509429abba (patch) | |
| tree | c55d728226f215230e375240d0caddc7a654ac88 | |
| parent | c2fa6bb0e8703a7a6aa10e11f9ab36094416d83f (diff) | |
| download | ffmpeg-45286a625c6ced1f5c4c842244cbb4509429abba.tar.gz | |
h264dec: make sure to only end a field if it has been started
Calling ff_h264_field_end() when the per-field state is not properly
initialized leads to all kinds of undefined behaviour.
CC: libav-stable@libav.org
Bug-Id: 977 978 992
| -rw-r--r-- | libavcodec/h264_picture.c | 1 | ||||
| -rw-r--r-- | libavcodec/h264_slice.c | 4 | ||||
| -rw-r--r-- | libavcodec/h264dec.c | 3 | ||||
| -rw-r--r-- | libavcodec/h264dec.h | 5 |
4 files changed, 10 insertions, 3 deletions
diff --git a/libavcodec/h264_picture.c b/libavcodec/h264_picture.c index e22852a24f..24ba79df0e 100644 --- a/libavcodec/h264_picture.c +++ b/libavcodec/h264_picture.c @@ -194,6 +194,7 @@ int ff_h264_field_end(H264Context *h, H264SliceContext *sl, int in_setup) emms_c(); h->current_slice = 0; + h->field_started = 0; return err; } diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c index 1b91088f52..db7628cf97 100644 --- a/libavcodec/h264_slice.c +++ b/libavcodec/h264_slice.c @@ -1884,9 +1884,8 @@ int ff_h264_queue_decode_slice(H264Context *h, const H2645NAL *nal) sl = h->slice_ctx; } - if (h->current_slice && h->cur_pic_ptr && FIELD_PICTURE(h)) { + if (h->field_started) ff_h264_field_end(h, sl, 1); - } h->current_slice = 0; if (!h->first_field) { @@ -1902,6 +1901,7 @@ int ff_h264_queue_decode_slice(H264Context *h, const H2645NAL *nal) ret = h264_field_start(h, sl, nal); if (ret < 0) return ret; + h->field_started = 1; } } diff --git a/libavcodec/h264dec.c b/libavcodec/h264dec.c index 83b3ab3be1..54ded03bd8 100644 --- a/libavcodec/h264dec.c +++ b/libavcodec/h264dec.c @@ -757,7 +757,8 @@ out: if (!(avctx->flags2 & AV_CODEC_FLAG2_CHUNKS) || (h->mb_y >= h->mb_height && h->mb_height)) { - ff_h264_field_end(h, &h->slice_ctx[0], 0); + if (h->field_started) + ff_h264_field_end(h, &h->slice_ctx[0], 0); *got_frame = 0; if (h->output_frame->buf[0]) { diff --git a/libavcodec/h264dec.h b/libavcodec/h264dec.h index f934fc40b8..2ffe4deda0 100644 --- a/libavcodec/h264dec.h +++ b/libavcodec/h264dec.h @@ -509,6 +509,11 @@ typedef struct H264Context { * slices) anymore */ int setup_finished; + /* This is set to 1 if h264_field_start() has been called successfully, + * so all per-field state is properly initialized and we can decode + * the slice data */ + int field_started; + AVFrame *output_frame; int enable_er; |