Module: libav Branch: master Commit: 1a8c6917f68f7378465e18f7615762bfd22704c2
Author: Jindřich Makovička <[email protected]> Committer: Anton Khirnov <[email protected]> Date: Sat Sep 29 11:16:45 2012 +0200 h264: avoid stuck buffer pointer in decode_nal_units When decode_nal_units() previously encountered a NAL_END_SEQUENCE, and there are some junk bytes left in the input buffer, but no start codes, buf_index gets stuck 3 bytes before the end of the buffer. This can trigger an infinite loop in the caller code, eg. in try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes, with 3 bytes of the input packet still available. With this change, the remaining bytes are skipped so the whole packet gets consumed. CC:[email protected] Signed-off-by: Jindřich Makovička <[email protected]> Signed-off-by: Anton Khirnov <[email protected]> --- libavcodec/h264.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 99cf5dc..5de7f10 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3694,8 +3694,10 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size) buf[buf_index + 2] == 1) break; - if (buf_index + 3 >= buf_size) + if (buf_index + 3 >= buf_size) { + buf_index = buf_size; break; + } buf_index += 3; if (buf_index >= next_avc) _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
