wrapper/FFmpeg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

avcodec/h264_slice: Do not change frame_num after the first slice

Browse source 
Fixes potential race condition
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f906982c94)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Conflicts:

	libavcodec/h264_slice.c
This commit is contained in:
Michael Niedermayer 2015-02-07 02:06:20 +01:00
parent 5b4a79ee02
commit 64e50b2f2a
1 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

11
libavcodec/h264.c
View file

@ -3148,6 +3148,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
int must_reinit;
int needs_reinit = 0;
int first_slice = h == h0 && !h0->current_slice;
int frame_num;
PPS *pps;
h->me.qpel_put = h->h264qpel.put_h264_qpel_pixels_tab;
@ -3333,7 +3334,15 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
init_dequant_tables(h);
}
h->frame_num = get_bits(&h->gb, h->sps.log2_max_frame_num);
frame_num = get_bits(&h->gb, h->sps.log2_max_frame_num);
if (!first_slice) {
if (h0->frame_num != frame_num) {
av_log(h->avctx, AV_LOG_ERROR, "Frame num change from %d to %d\n",
h0->frame_num, frame_num);
return AVERROR_INVALIDDATA;
}
}
h->frame_num = frame_num;
h->mb_mbaff = 0;
h->mb_aff_frame = 0;