generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

avcodec/h264_slice: Do not change frame_num after the first slice

Browse Source 
Fixes potential race condition
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2015-02-07 02:06:20 +01:00
parent 9dc45d1f42
commit f906982c94
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libavcodec/h264_slice.c
View File

@ -1285,6 +1285,7 @@ int ff_h264_decode_slice_header(H264Context *h, H264Context *h0)
int needs_reinit = 0; int needs_reinit = 0;
int field_pic_flag, bottom_field_flag; int field_pic_flag, bottom_field_flag;
int first_slice = h == h0 && !h0->current_slice; int first_slice = h == h0 && !h0->current_slice;
int frame_num;
PPS *pps; PPS *pps;
h->qpel_put = h->h264qpel.put_h264_qpel_pixels_tab; h->qpel_put = h->h264qpel.put_h264_qpel_pixels_tab;
@ -1494,7 +1495,15 @@ int ff_h264_decode_slice_header(H264Context *h, H264Context *h0)
h264_init_dequant_tables(h); h264_init_dequant_tables(h);
} }
h->frame_num = get_bits(&h->gb, h->sps.log2_max_frame_num); frame_num = get_bits(&h->gb, h->sps.log2_max_frame_num);
if (!first_slice) {
if (h0->frame_num != frame_num) {
av_log(h->avctx, AV_LOG_ERROR, "Frame num change from %d to %d\n",
h0->frame_num, frame_num);
return AVERROR_INVALIDDATA;
}
}
h->frame_num = frame_num;
h->mb_mbaff = 0; h->mb_mbaff = 0;
h->mb_aff_frame = 0; h->mb_aff_frame = 0;