aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
diff options
context:
space:
mode:
authorAnton Khirnov <anton@khirnov.net>2013-11-28 10:54:35 +0100
committerReinhard Tartler <siretart@tauware.de>2014-05-31 20:05:19 -0400
commita7cce9ebf3ae3b9678970236c964900393603a73 (patch)
tree4a5d8cb42e1838fcf9345f332bcfe542e8ffc256 /libavcodec
parent51ae8e26af8f5b26efb41edc0fe4812368d16ae9 (diff)
downloadffmpeg-a7cce9ebf3ae3b9678970236c964900393603a73.tar.gz
h264: reset first_field if frame_start() fails for missing refs
In this case we may not have a current frame, while first_field being set implies we do. Fixes invalid reads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org
Diffstat (limited to 'libavcodec')
-rw-r--r--libavcodec/h264.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index de4a4f0e66..e88bb936e3 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -2990,8 +2990,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
h->frame_num != (h->prev_frame_num + 1) % (1 << h->sps.log2_max_frame_num)) {
Picture *prev = h->short_ref_count ? h->short_ref[0] : NULL;
av_log(h->s.avctx, AV_LOG_DEBUG, "Frame num gap %d %d\n", h->frame_num, h->prev_frame_num);
- if (ff_h264_frame_start(h) < 0)
+ if (ff_h264_frame_start(h) < 0) {
+ h0->s.first_field = 0;
return -1;
+ }
h->prev_frame_num++;
h->prev_frame_num %= 1<<h->sps.log2_max_frame_num;
s->current_picture_ptr->frame_num= h->prev_frame_num;
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-17 19:02:34 +0000