[Ffmpeg-devel] [BUG] Segfault in h264 decoder on corrupt input
Michael Niedermayer
michaelni
Thu Mar 15 20:04:30 CET 2007
Hi
On Thu, Mar 15, 2007 at 07:37:32PM +0100, Reinhard Nissl wrote:
> Hi,
>
> Michael Niedermayer wrote:
>
> >> @@ -8175,7 +8178,7 @@
> >>
> >> if(decode_slice_header(h) < 0){
> >> av_log(h->s.avctx, AV_LOG_ERROR, "decode_slice_header error\n");
> >> - break;
> >> + return -1;
> >> }
> >> s->current_picture_ptr->key_frame= (h->nal_unit_type == NAL_IDR_SLICE);
> >> if(h->redundant_pic_count==0 && s->hurry_up < 5
> >
> > not ok
> >
> >> @@ -8193,6 +8196,7 @@
> >>
> >> if(decode_slice_header(h) < 0){
> >> av_log(h->s.avctx, AV_LOG_ERROR, "decode_slice_header error\n");
> >> + return -1;
> >> }
> >> break;
> >
> > not ok
>
> Michael, would you please drop a few lines why these two changes are not
> ok
well the decoder gets several NAL units, if theres an error in a
slice (header) it should skip that slice (break) not skip all following
NAL units
> respectively post a hint what is missing to make them ok?
i dont know, this change is simply wrong, its a little like calling
abort() this also would "fix" every following problem ...
just think of the case that the slice which causes the return -1 would be
missing, no return -1 and whatever caused the crash afterwards will likely
stil cause it
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Opposition brings concord. Out of discord comes the fairest harmony.
-- Heraclitus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070315/c4da8d38/attachment.pgp>
More information about the ffmpeg-devel
mailing list