fix crash when decoding a truncated H264 slice

patch by Alexander Chemeris % ipse P ffmpeg A gmail.com % Original thread: date: Dec 5, 2006 7:26 PM subject: [Ffmpeg-devel] [PATCH] Fix crush when truncated slice passed to H.264 decoder Originally committed as revision 7229 to svn://svn.ffmpeg.org/ffmpeg/trunk
author: Alexander Chemeris <ipse.ffmpeg@gmail.com> 2006-12-05 22:18:19 +0000
committer: Guillaume Poirier <gpoirier@mplayerhq.hu> 2006-12-05 22:18:19 +0000
commit: a083f53c453846811f11ae650f047cdfdef18ae2 (patch)
tree: 28040b1064118a20cc6b93bcbe5d0c0bd982d590 /libavcodec/h264.c
parent: 3ee5c5b739e6961cf6791687301c0fd781238a22 (diff)
download: ffmpeg-a083f53c453846811f11ae650f047cdfdef18ae2.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 1c02adc314..73d10c8b2d 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -4883,6 +4883,10 @@ static int decode_residual(H264Context *h, GetBitContext *gb, DCTELEM *block, in
 
     if(total_coeff==0)
         return 0;
+    if(total_coeff<0) {
+        av_log(h->s.avctx, AV_LOG_ERROR, "corrupted macroblock %d %d (total_coeff<0)\n", s->mb_x, s->mb_y);
+        return -1;
+    }
 
     trailing_ones= coeff_token&3;
     tprintf("trailing:%d, total:%d\n", trailing_ones, total_coeff);
author	Alexander Chemeris <ipse.ffmpeg@gmail.com>	2006-12-05 22:18:19 +0000
committer	Guillaume Poirier <gpoirier@mplayerhq.hu>	2006-12-05 22:18:19 +0000
commit	a083f53c453846811f11ae650f047cdfdef18ae2 (patch)
tree	28040b1064118a20cc6b93bcbe5d0c0bd982d590 /libavcodec/h264.c
parent	3ee5c5b739e6961cf6791687301c0fd781238a22 (diff)
download	ffmpeg-a083f53c453846811f11ae650f047cdfdef18ae2.tar.gz