aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec/h264dec.c
diff options
context:
space:
mode:
authorNiklas Haas <git@haasn.dev>2021-08-25 05:06:01 +0200
committerJames Almer <jamrial@gmail.com>2021-08-25 00:56:35 -0300
commit94653e0dee8d2efa85087e28249249cb3fde3d71 (patch)
tree22978eab08a3975ba491aa952e8fec83fb832ef4 /libavcodec/h264dec.c
parentb492cacffd36ad4cb251ba1f13ac398318ee639a (diff)
downloadffmpeg-94653e0dee8d2efa85087e28249249cb3fde3d71.tar.gz
avcodec/h264dec: fix possible out-of-bounds array access
If slice_type is > 9, the access to ff_h264_golomb_to_pict_type is out-of-bounds. Fix this by simply setting the slice_type to 0 in this case. This is completely inconsequential because the value is only being used to being used as an offset in the calculation of the film grain seed value, a corruption of which is practically invisible. Fixes coverity ticket #1490802 Signed-off-by: James Almer <jamrial@gmail.com>
Diffstat (limited to 'libavcodec/h264dec.c')
-rw-r--r--libavcodec/h264dec.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/libavcodec/h264dec.c b/libavcodec/h264dec.c
index 5e5b1c1d69..c7e8b2827b 100644
--- a/libavcodec/h264dec.c
+++ b/libavcodec/h264dec.c
@@ -533,10 +533,8 @@ static int get_last_needed_nal(H264Context *h)
first_slice != nal->type)
nals_needed = i;
slice_type = get_ue_golomb_31(&gb);
- if (slice_type > 9) {
- if (h->avctx->err_recognition & AV_EF_EXPLODE)
- return AVERROR_INVALIDDATA;
- }
+ if (slice_type > 9)
+ slice_type = 0;
if (slice_type > 4)
slice_type -= 5;