avcodec/h264: Disallow pps_id changing between slices

Such changes are forbidden in H.264 and lead to race conditions Fixes out of array read Fixes: signal_sigsegv_f9796a_1613_cov_3114610371_FM1_BT_B.h264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e708424b70bef8641e8a090ec4d9e8c4490db87e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2014-02-03 23:52:38 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2014-02-23 14:49:37 +0100
commit: 9330bcff9ba2e74cc13630cb607a11753c1c212c (patch)
tree: ab8e89c3851a24c1fb8b29897ae04cbe7a5f9af9 /libavcodec/h264.h
parent: 9fb364babdc7788bf955100958ef596448e5c1b1 (diff)
download: ffmpeg-9330bcff9ba2e74cc13630cb607a11753c1c212c.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/h264.h b/libavcodec/h264.h
index ed7f04b853..63a343774c 100644
--- a/libavcodec/h264.h
+++ b/libavcodec/h264.h
@@ -390,6 +390,8 @@ typedef struct H264Context {
      */
     PPS pps; // FIXME move to Picture perhaps? (->no) do we need that?
 
+    int au_pps_id; ///< pps_id of current access unit
+
     uint32_t dequant4_buffer[6][QP_MAX_NUM + 1][16]; // FIXME should these be moved down?
     uint32_t dequant8_buffer[6][QP_MAX_NUM + 1][64];
     uint32_t(*dequant4_coeff[6])[16];
author	Michael Niedermayer <michaelni@gmx.at>	2014-02-03 23:52:38 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:49:37 +0100
commit	9330bcff9ba2e74cc13630cb607a11753c1c212c (patch)
tree	ab8e89c3851a24c1fb8b29897ae04cbe7a5f9af9 /libavcodec/h264.h
parent	9fb364babdc7788bf955100958ef596448e5c1b1 (diff)
download	ffmpeg-9330bcff9ba2e74cc13630cb607a11753c1c212c.tar.gz