diff options
| author | Anton Khirnov <anton@khirnov.net> | 2013-11-28 10:54:35 +0100 |
|---|---|---|
| committer | Sean McGovern <gseanmcg@gmail.com> | 2014-04-14 16:55:38 -0400 |
| commit | 7fd6c9fb49573870b48a995947edc83eedd7e86e (patch) | |
| tree | b81fd588c721c710d4a0da8e8d278322da5a3738 | |
| parent | 175b53d051cf9e17583106c828c35d169f335ea3 (diff) | |
| download | ffmpeg-7fd6c9fb49573870b48a995947edc83eedd7e86e.tar.gz | |
h264: reset first_field if frame_start() fails for missing refs
In this case we may not have a current frame, while first_field being
set implies we do.
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
| -rw-r--r-- | libavcodec/h264.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c index f5f7de4b41..db336f0fc5 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2910,8 +2910,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0) Picture *prev = h->short_ref_count ? h->short_ref[0] : NULL; av_log(h->s.avctx, AV_LOG_DEBUG, "Frame num gap %d %d\n", h->frame_num, h->prev_frame_num); - if (ff_h264_frame_start(h) < 0) + if (ff_h264_frame_start(h) < 0) { + s0->first_field = 0; return -1; + } h->prev_frame_num++; h->prev_frame_num %= 1 << h->sps.log2_max_frame_num; s->current_picture_ptr->frame_num = h->prev_frame_num; |