[FFmpeg-cvslog] h264: avoid stuck buffer pointer in decode_nal_units
Jindřich Makovička
git at videolan.org
Sun Sep 30 14:34:39 CEST 2012
ffmpeg | branch: master | Jindřich Makovička <makovick at gmail.com> | Sat Sep 29 11:16:45 2012 +0200| [1a8c6917f68f7378465e18f7615762bfd22704c2] | committer: Anton Khirnov
h264: avoid stuck buffer pointer in decode_nal_units
When decode_nal_units() previously encountered a NAL_END_SEQUENCE,
and there are some junk bytes left in the input buffer, but no start codes,
buf_index gets stuck 3 bytes before the end of the buffer.
This can trigger an infinite loop in the caller code, eg. in
try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes,
with 3 bytes of the input packet still available.
With this change, the remaining bytes are skipped so the whole packet gets
consumed.
CC:libav-stable at libav.org
Signed-off-by: Jindřich Makovička <makovick at gmail.com>
Signed-off-by: Anton Khirnov <anton at khirnov.net>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1a8c6917f68f7378465e18f7615762bfd22704c2
---
libavcodec/h264.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 99cf5dc..5de7f10 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -3694,8 +3694,10 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size)
buf[buf_index + 2] == 1)
break;
- if (buf_index + 3 >= buf_size)
+ if (buf_index + 3 >= buf_size) {
+ buf_index = buf_size;
break;
+ }
buf_index += 3;
if (buf_index >= next_avc)
More information about the ffmpeg-cvslog
mailing list