[FFmpeg-cvslog] [ffmpeg] branch master updated. 76827a6f3b lavc/hevc: Fix usage of slice segment in invalid state

[ffmpeg-git--- via ffmpeg-cvslog]

The branch, master has been updated
       via  76827a6f3bdc908a52b6f534c5b668e8e5f781b9 (commit)
      from  069d465895d6dd98acc4ce997cdf0b1459b37776 (commit)


- Log -----------------------------------------------------------------
commit 76827a6f3bdc908a52b6f534c5b668e8e5f781b9
Author:     Frank Plowman <p...@frankplowman.com>
AuthorDate: Sat Nov 8 18:35:51 2025 +0000
Commit:     Zhao Zhili <qu...@noreply.code.ffmpeg.org>
CommitDate: Mon Nov 24 05:08:58 2025 +0000

    lavc/hevc: Fix usage of slice segment in invalid state
    
    Previously, we set s->slice_initialized to 0 to prevent other slice
    segments from depending on this slice segment only if hls_slice_header
    failed.  If decode_slice fails for some other reason, however, before
    decode_slice_data is called to bring the context back into a consistent
    state, then slices could depend on this slice segment while it is in an
    invalid state.  This can cause segmentation faults and other sorts of
    nastiness.  Patch fixes this by always setting s->slice_initialized to 0
    while the state is inconsistent.
    
    Resolves #11652.

diff --git a/libavcodec/hevc/hevcdec.c b/libavcodec/hevc/hevcdec.c
index 3f471dbc14..531d1c26f3 100644
--- a/libavcodec/hevc/hevcdec.c
+++ b/libavcodec/hevc/hevcdec.c
@@ -3411,7 +3411,6 @@ fail:
         ff_hevc_unref_frame(l->cur_frame, ~0);
     l->cur_frame = NULL;
     s->cur_frame = s->collocated_ref = NULL;
-    s->slice_initialized = 0;
     return ret;
 }
 
@@ -3544,9 +3543,11 @@ static int decode_slice(HEVCContext *s, unsigned 
nal_idx, GetBitContext *gb)
         return 0;
 
     ret = hls_slice_header(&s->sh, s, gb);
+    // Once hls_slice_header has been called, the context is inconsistent with 
the slice header
+    // until the context is reinitialized according to the contents of the new 
slice header
+    // at the start of decode_slice_data.
+    s->slice_initialized = 0;
     if (ret < 0) {
-        // hls_slice_header() does not cleanup on failure thus the state now 
is inconsistent so we cannot use it on dependent slices
-        s->slice_initialized = 0;
         return ret;
     }
 

-----------------------------------------------------------------------

Summary of changes:
 libavcodec/hevc/hevcdec.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)


hooks/post-receive
-- 

_______________________________________________
ffmpeg-cvslog mailing list -- ffmpeg-cvslog@ffmpeg.org
To unsubscribe send an email to ffmpeg-cvslog-le...@ffmpeg.org