author | Jindřich Makovička <makovick@gmail.com> | 2012-09-29 11:16:45 +0200 |
---|---|---|
committer | Reinhard Tartler <siretart@tauware.de> | 2013-01-04 07:43:38 +0100 |
commit | 11ecd8574a2edd482c687123f374f22c3390c6dc (patch) | |
tree | 43bbe2e0a8a7e13886c9b3955cf8d2d55126af8b /libavcodec | |
parent | 5754176b5bfb4a298c376b4bdcce218848d15936 (diff) | |
download | ffmpeg-11ecd8574a2edd482c687123f374f22c3390c6dc.tar.gz |
h264: avoid stuck buffer pointer in decode_nal_units

When decode_nal_units() previously encountered a NAL_END_SEQUENCE,
and there are some junk bytes left in the input buffer, but no start codes,
buf_index gets stuck 3 bytes before the end of the buffer.

This can trigger an infinite loop in the caller code, eg. in
try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes,
with 3 bytes of the input packet still available.

With this change, the remaining bytes are skipped so the whole packet gets
consumed.

CC:libav-stable@libav.org
Signed-off-by: Jindřich Makovička <makovick@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 1a8c6917f68f7378465e18f7615762bfd22704c2)

Conflicts:
	libavcodec/h264.c
Diffstat (limited to 'libavcodec')
-rw-r--r-- | libavcodec/h264.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c index ac7eb20f35..adb01d4a5e 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3700,7 +3700,11 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ break; } - if(buf_index+3 >= buf_size) break; + + if (buf_index + 3 >= buf_size) { + buf_index = buf_size; + break; + } buf_index+=3; if(buf_index >= next_avc) continue; |
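Review bot: The new `buf_index = buf_size;` assignment in decode_nal_units() has no comment saying that the leftover bytes are discarded on purpose, and as far as this hunk shows the branch is taken whenever `buf_index + 3 >= buf_size`, not only in the NAL_END_SEQUENCE case the commit message describes. Please add a one-line comment above the assignment stating that fewer than a start code's worth of bytes remain and that they are skipped so the caller sees the whole packet consumed; otherwise a later reader may take it for a truncated NAL being silently dropped. Since the failure mode is a caller spinning on a decode call that reports zero bytes consumed, a regression sample with trailing junk after the last NAL would be worth adding so the loop cannot come back unnoticed. Style: the added lines use `buf_index + 3 >= buf_size` with spaces while the following context line keeps `buf_index+=3;`, and the hunk adds a stray empty line before the `if`; that is fine if the file is moving to the spaced style, but the extra blank line can go.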