[FFmpeg-cvslog] vulkan_h264: check if slices_buf exists on end_frame

[Lynne]

ffmpeg | branch: master | Lynne <dev at lynne.ee> | Sun Jun 25 02:42:29 2023 +0200| [c39e861a3d42c2beeae5d87fa8ddf87c36fac9b1] | committer: Lynne

vulkan_h264: check if slices_buf exists on end_frame

The issue is that while decode_slice is guaranteed to never get
called without start_frame, end_frame is not. Moreover, it is
not guaranteed it won't be called twice.

On a badly-broken sample, this is what happens, which leads to
a segfault, as vp->slices_buf doesn't exist, as it has been handed
off for decoding already and isn't owned by the frame.

Return an error as it's indicative that it's a corrupt stream rather
than just missing any slices.

Prevents a segfault.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c39e861a3d42c2beeae5d87fa8ddf87c36fac9b1
---

 libavcodec/vulkan_h264.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/vulkan_h264.c b/libavcodec/vulkan_h264.c
index 089a181bb4..84bcef7933 100644
--- a/libavcodec/vulkan_h264.c
+++ b/libavcodec/vulkan_h264.c
@@ -520,6 +520,9 @@ static int vk_h264_end_frame(AVCodecContext *avctx)
     if (!hp->h264_pic_info.sliceCount)
         return 0;
 
+    if (!vp->slices_buf)
+        return AVERROR(EINVAL);
+
     if (!dec->session_params) {
         int err = vk_h264_create_params(avctx, &dec->session_params);
         if (err < 0)