[FFmpeg-cvslog] h264: additional protection against unsupported size/bitdepth changes.

Ronald S. Bultje git at videolan.org
Thu May 3 21:28:04 CEST 2012


ffmpeg | branch: master | Ronald S. Bultje <rsbultje at gmail.com> | Thu Mar 29 16:37:09 2012 -0700| [732f9fcfe54fc9a0a7bbce53fe86b38744c2d301] | committer: Ronald S. Bultje

h264: additional protection against unsupported size/bitdepth changes.

Fixes crashes in codepaths not covered by original checks.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=732f9fcfe54fc9a0a7bbce53fe86b38744c2d301
---

 libavcodec/h264.c    |    4 ++--
 libavcodec/h264_ps.c |    3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 890dd22..6ed251e 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -2971,10 +2971,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
     if (s->context_initialized &&
         (s->width != s->avctx->width || s->height != s->avctx->height ||
          av_cmp_q(h->sps.sar, s->avctx->sample_aspect_ratio))) {
-        if (h != h0) {
+        if (h != h0 || (HAVE_THREADS && h->s.avctx->active_thread_type & FF_THREAD_FRAME)) {
             av_log_missing_feature(s->avctx,
                                    "Width/height changing with threads is", 0);
-            return -1;   // width / height changed during parallelized decoding
+            return AVERROR_PATCHWELCOME;   // width / height changed during parallelized decoding
         }
         free_tables(h, 0);
         flush_dpb(s->avctx);
diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c
index 354469c..3f53af8 100644
--- a/libavcodec/h264_ps.c
+++ b/libavcodec/h264_ps.c
@@ -475,6 +475,9 @@ int ff_h264_decode_picture_parameter_set(H264Context *h, int bit_length){
     if(pps_id >= MAX_PPS_COUNT) {
         av_log(h->s.avctx, AV_LOG_ERROR, "pps_id (%d) out of range\n", pps_id);
         return -1;
+    } else if (h->sps.bit_depth_luma > 10) {
+        av_log(h->s.avctx, AV_LOG_ERROR, "Unimplemented luma bit depth=%d (max=10)\n", h->sps.bit_depth_luma);
+        return AVERROR_PATCHWELCOME;
     }
 
     pps= av_mallocz(sizeof(PPS));



More information about the ffmpeg-cvslog mailing list