ffmpeg | branch: master | Niklas Haas <g...@haasn.dev> | Wed Aug 25 05:06:01 2021 +0200| [94653e0dee8d2efa85087e28249249cb3fde3d71] | committer: James Almer
avcodec/h264dec: fix possible out-of-bounds array access

If slice_type is > 9, the access to ff_h264_golomb_to_pict_type is out-of-bounds. Fix this by simply setting the slice_type to 0 in this case.

This is completely inconsequential because the value is only being used as an offset in the calculation of the film grain seed value, a corruption of which is practically invisible.

Fixes coverity ticket #1490802

Signed-off-by: James Almer <jamr...@gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=94653e0dee8d2efa85087e28249249cb3fde3d71

--- libavcodec/h264dec.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavcodec/h264dec.c b/libavcodec/h264dec.c index 5e5b1c1d69..c7e8b2827b 100644 --- a/libavcodec/h264dec.c +++ b/libavcodec/h264dec.c @@ -533,10 +533,8 @@ static int get_last_needed_nal(H264Context *h) first_slice != nal->type) nals_needed = i; slice_type = get_ue_golomb_31(&gb); - if (slice_type > 9) { - if (h->avctx->err_recognition & AV_EF_EXPLODE) - return AVERROR_INVALIDDATA; - } + if (slice_type > 9) + slice_type = 0; if (slice_type > 4) slice_type -= 5;
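
Review bot: The new `if (slice_type > 9) slice_type = 0;` in get_last_needed_nal() drops the `AV_EF_EXPLODE` branch entirely, so a caller that requested strict error recognition no longer gets `AVERROR_INVALIDDATA` here for an invalid slice_type. Consider keeping the explode return and clamping only on the fall-through path, for example `if (slice_type > 9) { if (h->avctx->err_recognition & AV_EF_EXPLODE) return AVERROR_INVALIDDATA; slice_type = 0; }`, or say in the commit message that losing the error is intended. The removed block only returned when the flag was set and otherwise fell through to `slice_type -= 5` with the value unchanged, so the clamp itself is the part that closes the out-of-range index. A one-line comment at the clamp noting that 0 is an arbitrary in-range value, acceptable because the result only offsets the film grain seed, would keep the silent remap from being mistaken for a parsing rule.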