diff options
author | Jindřich Makovička <makovick@gmail.com> | 2012-09-29 11:16:45 +0200 |
---|---|---|
committer | Anton Khirnov <anton@khirnov.net> | 2012-09-29 19:31:17 +0200 |
commit | 1a8c6917f68f7378465e18f7615762bfd22704c2 (patch) | |
tree | 95fefb1dcfc3c6b00157121c612e07d246e96fd2 /libavcodec/h264.c | |
parent | 0f583d20d5ddcab34d8af76a597d5d6f1f19fece (diff) | |
download | ffmpeg-1a8c6917f68f7378465e18f7615762bfd22704c2.tar.gz |
h264: avoid stuck buffer pointer in decode_nal_units
When decode_nal_units() previously encountered a NAL_END_SEQUENCE,
and there are some junk bytes left in the input buffer, but no start codes,
buf_index gets stuck 3 bytes before the end of the buffer.
This can trigger an infinite loop in the caller code, eg. in
try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes,
with 3 bytes of the input packet still available.
With this change, the remaining bytes are skipped so the whole packet gets
consumed.
CC:libav-stable@libav.org
Signed-off-by: Jindřich Makovička <makovick@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Diffstat (limited to 'libavcodec/h264.c')
-rw-r--r-- | libavcodec/h264.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 99cf5dc9f3..5de7f104ca 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3694,8 +3694,10 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size) buf[buf_index + 2] == 1) break; - if (buf_index + 3 >= buf_size) + if (buf_index + 3 >= buf_size) { + buf_index = buf_size; break; + } buf_index += 3; if (buf_index >= next_avc) |