diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2015-02-07 02:22:44 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2015-02-07 14:14:24 +0100 |
| commit | 4de40be5077364c8b0e25c5fa8d3fc9afbcfe94b (patch) | |
| tree | 6faee148033f6ac545b81b86a6161c328ebf2cac | |
| parent | 64e50b2f2a6830475224b2ec03bb88ff300067f8 (diff) | |
| download | ffmpeg-4de40be5077364c8b0e25c5fa8d3fc9afbcfe94b.tar.gz | |
avcodec/h264_slice: Check picture structure before setting the related fields
This might fix a hypothetical race condition
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f111831ed61103f9fa8fdda41473a23da016bdaa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Conflicts:
libavcodec/h264_slice.c
Conflicts:
libavcodec/h264.c
| -rw-r--r-- | libavcodec/h264.c | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c index dfbab6687a..3e621041ff 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3148,7 +3148,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0) int must_reinit; int needs_reinit = 0; int first_slice = h == h0 && !h0->current_slice; - int frame_num; + int frame_num, picture_structure, droppable; PPS *pps; h->me.qpel_put = h->h264qpel.put_h264_qpel_pixels_tab; @@ -3342,37 +3342,32 @@ static int decode_slice_header(H264Context *h, H264Context *h0) return AVERROR_INVALIDDATA; } } - h->frame_num = frame_num; h->mb_mbaff = 0; h->mb_aff_frame = 0; last_pic_structure = h0->picture_structure; last_pic_droppable = h0->droppable; - h->droppable = h->nal_ref_idc == 0; + droppable = h->nal_ref_idc == 0; if (h->sps.frame_mbs_only_flag) { - h->picture_structure = PICT_FRAME; + picture_structure = PICT_FRAME; } else { if (!h->sps.direct_8x8_inference_flag && slice_type == AV_PICTURE_TYPE_B) { av_log(h->avctx, AV_LOG_ERROR, "This stream was generated by a broken encoder, invalid 8x8 inference\n"); return -1; } if (get_bits1(&h->gb)) { // field_pic_flag - h->picture_structure = PICT_TOP_FIELD + get_bits1(&h->gb); // bottom_field_flag + picture_structure = PICT_TOP_FIELD + get_bits1(&h->gb); // bottom_field_flag } else { - h->picture_structure = PICT_FRAME; + picture_structure = PICT_FRAME; h->mb_aff_frame = h->sps.mb_aff; } } - h->mb_field_decoding_flag = h->picture_structure != PICT_FRAME; - - if (h0->current_slice != 0) { - if (last_pic_structure != h->picture_structure || - last_pic_droppable != h->droppable) { + if (h0->current_slice) { + if (last_pic_structure != picture_structure || + last_pic_droppable != droppable) { av_log(h->avctx, AV_LOG_ERROR, "Changing field mode (%d -> %d) between slices is not allowed\n", last_pic_structure, h->picture_structure); - h->picture_structure = last_pic_structure; - h->droppable = last_pic_droppable; return AVERROR_INVALIDDATA; } else if (!h0->cur_pic_ptr) { av_log(h->avctx, AV_LOG_ERROR, @@ -3380,7 +3375,14 @@ static int decode_slice_header(H264Context *h, H264Context *h0) h0->current_slice + 1); return AVERROR_INVALIDDATA; } - } else { + } + + h->picture_structure = picture_structure; + h->droppable = droppable; + h->frame_num = frame_num; + h->mb_field_decoding_flag = picture_structure != PICT_FRAME; + + if (h0->current_slice == 0) { /* Shorten frame num gaps so we don't have to allocate reference * frames just to throw them away */ if (h->frame_num != h->prev_frame_num) { |