On 8/25/2021 12:06 AM, Niklas Haas wrote:
From: Niklas Haas <g...@haasn.dev>

If slice_type is > 9, the access to ff_h264_golomb_to_pict_type is
out-of-bounds. Fix this by simply setting the slice_type to 0 in this
case.

This is completely inconsequential because the value is only being used
as an offset in the calculation of the film grain seed
value, a corruption of which is practically invisible.

Fixes coverity ticket #1490802
---
  libavcodec/h264dec.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/libavcodec/h264dec.c b/libavcodec/h264dec.c
index 5e5b1c1d69..595b6c81fb 100644
--- a/libavcodec/h264dec.c
+++ b/libavcodec/h264dec.c
@@ -536,6 +536,7 @@ static int get_last_needed_nal(H264Context *h)
              if (slice_type > 9) {
                  if (h->avctx->err_recognition & AV_EF_EXPLODE)
                      return AVERROR_INVALIDDATA;

Just don't abort at all. Set slice_type to 0 and let ff_h264_queue_decode_slice() handle this.

+                slice_type = 0;
              }
              if (slice_type > 4)
                  slice_type -= 5;
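
Review bot: The added `slice_type = 0;` inside the `if (slice_type > 9)` block silently replaces an invalid bitstream value with a valid one, with no comment or log message. A short comment stating that 0 is an arbitrary in-range substitute (the commit message says the value only offsets the film grain seed) would keep a later reader from treating it as a real slice type, and an av_log() warning on the non-AV_EF_EXPLODE path would make the malformed input visible. It is also worth confirming from the declaration that slice_type cannot be negative here, since only the upper bound is checked before the `slice_type -= 5` adjustment and the ff_h264_golomb_to_pict_type access named in the commit message.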
