authorLynne <dev@lynne.ee>2023-06-25 02:42:29 +0200
committerLynne <dev@lynne.ee>2023-06-25 03:11:38 +0200
commitc39e861a3d42c2beeae5d87fa8ddf87c36fac9b1 (patch)
treea7541107858b2e6c024002eb6e0fc26541142655
parent10f1bbfe117e990a6fe56c03085966fa0c0f0f2e (diff)
vulkan_h264: check if slices_buf exists on end_frame
The issue is that while decode_slice is guaranteed to never get called without start_frame, end_frame is not. Moreover, it is not guaranteed it won't be called twice. On a badly-broken sample, this is what happens, which leads to a segfault, as vp->slices_buf doesn't exist, as it has been handed off for decoding already and isn't owned by the frame. Return an error as it's indicative that it's a corrupt stream rather than just missing any slices. Prevents a segfault.
-rw-r--r--libavcodec/vulkan_h264.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/vulkan_h264.c b/libavcodec/vulkan_h264.c
index 089a181bb4..84bcef7933 100644
--- a/libavcodec/vulkan_h264.c
+++ b/libavcodec/vulkan_h264.c
@@ -520,6 +520,9 @@ static int vk_h264_end_frame(AVCodecContext *avctx)
if (!hp->h264_pic_info.sliceCount)
return 0;
+ if (!vp->slices_buf)
+ return AVERROR(EINVAL);
+
if (!dec->session_params) {
int err = vk_h264_create_params(avctx, &dec->session_params);
if (err < 0)
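Review bot: The new guard `if (!vp->slices_buf)` returns `AVERROR(EINVAL)`, although the commit message attributes the condition to a corrupt stream, for which `AVERROR_INVALIDDATA` is the conventional code; with `return AVERROR_INVALIDDATA;` callers and fuzzing triage can tell bad input from API misuse. The guard also carries no explanation, and it only holds if slices_buf is cleared when the buffer is handed off for decoding, which is not visible in this hunk. A short comment such as `/* end_frame may run without start_frame, or twice, on corrupt input; slices_buf is then no longer owned by the frame */` would keep the check from being removed later as dead code. vk_h264_end_frame starts and ends outside the hunk.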