On Fri, Jul 27, 2012 at 09:10:50PM +0600, Mashiat Sarker Shakkhar wrote:
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Michael Niedermayer <[email protected]>
> ---
> libavcodec/vc1dec.c | 14 ++++++++++----
> 1 files changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
> index 3feb312..2ff1315 100644
> --- a/libavcodec/vc1dec.c
> +++ b/libavcodec/vc1dec.c
> @@ -5583,11 +5583,17 @@ static int vc1_decode_frame(AVCodecContext *avctx,
> void *data,
> }
> if (i) {
> v->pic_header_flag = 0;
> - if (v->field_mode && i == n_slices1 + 2)
> - ff_vc1_parse_frame_header_adv(v, &s->gb);
> - else if (get_bits1(&s->gb)) {
> + if (v->field_mode && i == n_slices1 + 2) {
> + if (ff_vc1_parse_frame_header_adv(v, &s->gb) < 0) {
> + av_log(v->s.avctx, AV_LOG_ERROR, "slice header
> damaged\n");
Isn't it _field_ header in this case?
> + continue;
> + }
> + } else if (get_bits1(&s->gb)) {
> v->pic_header_flag = 1;
> - ff_vc1_parse_frame_header_adv(v, &s->gb);
> + if (ff_vc1_parse_frame_header_adv(v, &s->gb) < 0) {
> + av_log(v->s.avctx, AV_LOG_ERROR, "slice header
> damaged\n");
> + continue;
> + }
> }
> }
> s->start_mb_y = (i == 0) ? 0 : FFMAX(0, slices[i-1].mby_start %
> mb_height);
> --
Otherwise LGTM
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
