diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2017-06-10 00:13:07 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2017-06-16 01:05:29 +0200 |
| commit | e5714e4ccbc95f5001bc33914c2a3f8c1c4e5572 (patch) | |
| tree | 50881c61b0e0f0b5e2c0a3b9ad9292133903bc6f /libavcodec/h264_parser.c | |
| parent | e93ffb488844e5d5a06c219715dc3e5913181561 (diff) | |
| download | ffmpeg-e5714e4ccbc95f5001bc33914c2a3f8c1c4e5572.tar.gz | |
avcodec/h264_parse: Check picture structure when initializig weight table
Fixes: runtime error: index 49 out of bounds for type 'int [48][2][2]'
Fixes: 2159/clusterfuzz-testcase-minimized-5267945972301824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a1ad368a78b153b63ccc07af864b3611e2a4ac3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/h264_parser.c')
| -rw-r--r-- | libavcodec/h264_parser.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/h264_parser.c b/libavcodec/h264_parser.c index bca00717c4..7ac6a5f0be 100644 --- a/libavcodec/h264_parser.c +++ b/libavcodec/h264_parser.c @@ -202,7 +202,7 @@ static int scan_mmco_reset(AVCodecParserContext *s, GetBitContext *gb, if ((p->ps.pps->weighted_pred && slice_type_nos == AV_PICTURE_TYPE_P) || (p->ps.pps->weighted_bipred_idc == 1 && slice_type_nos == AV_PICTURE_TYPE_B)) ff_h264_pred_weight_table(gb, p->ps.sps, ref_count, slice_type_nos, - &pwt, logctx); + &pwt, p->picture_structure, logctx); if (get_bits1(gb)) { // adaptive_ref_pic_marking_mode_flag int i; |