[FFmpeg-devel] [PATCH] Fix h264 decoder when nal end sequence is present

Michael Niedermayer michaelni
Sat Nov 20 02:49:16 CET 2010 

On Thu, Nov 18, 2010 at 06:24:41PM -0800, Baptiste Coudurier wrote:
> Hi
>
> $subject.  The problem happens if the last frame only contains a NAL_END  
> unit. The decoder will fail with "no frame" error and won't output the  
> last frame.
>
> Please comment. I'm not sure why the if (nalsize == 1) buf_index++ was  
> added.
>
> -- 
> Baptiste COUDURIER
> Key fingerprint                 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
> FFmpeg maintainer                                  http://www.ffmpeg.org

>  h264.c |   17 +++++++++--------
>  1 file changed, 9 insertions(+), 8 deletions(-)
> 7f720299cf8fbb13ecc9bc8fc59b946200146501  h264_nal_end_fix.patch
> diff --git a/libavcodec/h264.c b/libavcodec/h264.c
> index f99f7ea..640239b 100644
> --- a/libavcodec/h264.c
> +++ b/libavcodec/h264.c
> @@ -2783,14 +2783,9 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
>              nalsize = 0;
>              for(i = 0; i < h->nal_length_size; i++)
>                  nalsize = (nalsize << 8) | buf[buf_index++];
> -            if(nalsize <= 1 || nalsize > buf_size - buf_index){
> +            if(!nalsize || nalsize > buf_size - buf_index){

have you considered negative nalsize, these can happen through overflow
besides this i see no problem in your patch but i also dont know why the ==1
was added.
It was added by loren:   (maybe you could ask him to make sure we arent
breaking something)
That said, once above things are resolved feel free to commit

commit 8a16e111c48b622e13d7c0bf10e909d416ec89ed
Author: lorenm <lorenm at 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>
Date:   Tue Feb 14 05:40:53 2006 +0000

    fix some crashes on negative nalsize.


    git-svn-id: svn://svn.mplayerhq.hu/ffmpeg/trunk at 5022 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b

diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 4c2f0cb..a90f9fa 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -7507,6 +7507,15 @@ static int decode_nal_units(H264Context *h, uint8_t *buf, int buf_size){
         nalsize = 0;
         for(i = 0; i < h->nal_length_size; i++)
             nalsize = (nalsize << 8) | buf[buf_index++];
+        if(nalsize <= 1){
+            if(nalsize == 1){
+                buf_index++;
+                continue;
+            }else{
+                av_log(h->s.avctx, AV_LOG_ERROR, "AVC: nal size %d\n", nalsize);
+                break;
+            }
+        }
       } else {
         // start code prefix search
         for(; buf_index + 3 < buf_size; buf_index++){

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Everything should be made as simple as possible, but not simpler.
-- Albert Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20101120/e65c36ab/attachment.pgp>

More information about the ffmpeg-devel mailing list