ffmpeg | branch: release/2.2 | Michael Niedermayer <michae...@gmx.at> | Sat Feb
7 02:06:20 2015 +0100| [e6093f5b85b3b938576d284a54833ecc0b7ebe96] | committer:
Michael Niedermayer
avcodec/h264_slice: Do not change frame_num after the first slice
Fixes potential race condition
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michae...@gmx.at>
(cherry picked from commit f906982c9411f3062e3ce68013309b37c213c4dd)
Signed-off-by: Michael Niedermayer <michae...@gmx.at>
Conflicts:
libavcodec/h264_slice.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e6093f5b85b3b938576d284a54833ecc0b7ebe96
---
libavcodec/h264.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 08010c7..230f907 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -3507,6 +3507,7 @@ static int decode_slice_header(H264Context *h,
H264Context *h0)
int needs_reinit = 0;
int field_pic_flag, bottom_field_flag;
int first_slice = h == h0 && !h0->current_slice;
+ int frame_num;
PPS *pps;
h->me.qpel_put = h->h264qpel.put_h264_qpel_pixels_tab;
@@ -3710,7 +3711,15 @@ static int decode_slice_header(H264Context *h,
H264Context *h0)
init_dequant_tables(h);
}
- h->frame_num = get_bits(&h->gb, h->sps.log2_max_frame_num);
+ frame_num = get_bits(&h->gb, h->sps.log2_max_frame_num);
+ if (!first_slice) {
+ if (h0->frame_num != frame_num) {
+ av_log(h->avctx, AV_LOG_ERROR, "Frame num change from %d to %d\n",
+ h0->frame_num, frame_num);
+ return AVERROR_INVALIDDATA;
+ }
+ }
+ h->frame_num = frame_num;
h->mb_mbaff = 0;
h->mb_aff_frame = 0;
_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
