aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
diff options
context:
space:
mode:
authorJindřich Makovička <makovick@gmail.com>2012-09-29 11:16:45 +0200
committerReinhard Tartler <siretart@tauware.de>2013-01-04 07:43:38 +0100
commit11ecd8574a2edd482c687123f374f22c3390c6dc (patch)
tree43bbe2e0a8a7e13886c9b3955cf8d2d55126af8b /libavcodec
parent5754176b5bfb4a298c376b4bdcce218848d15936 (diff)
downloadffmpeg-11ecd8574a2edd482c687123f374f22c3390c6dc.tar.gz
h264: avoid stuck buffer pointer in decode_nal_units
When decode_nal_units() previously encountered a NAL_END_SEQUENCE, and there are some junk bytes left in the input buffer, but no start codes, buf_index gets stuck 3 bytes before the end of the buffer. This can trigger an infinite loop in the caller code, eg. in try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes, with 3 bytes of the input packet still available. With this change, the remaining bytes are skipped so the whole packet gets consumed. CC:libav-stable@libav.org Signed-off-by: Jindřich Makovička <makovick@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 1a8c6917f68f7378465e18f7615762bfd22704c2) Conflicts: libavcodec/h264.c
Diffstat (limited to 'libavcodec')
-rw-r--r--libavcodec/h264.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index ac7eb20f35..adb01d4a5e 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -3700,7 +3700,11 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
break;
}
- if(buf_index+3 >= buf_size) break;
+
+ if (buf_index + 3 >= buf_size) {
+ buf_index = buf_size;
+ break;
+ }
buf_index+=3;
if(buf_index >= next_avc) continue;