On 2014-01-19 19:49:02 +0100, Anton Khirnov wrote:
> Prevents using GetBitContexts with data from previous calls.
> 
> Fixes access to freed memory.
> 
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> CC:libav-sta...@libav.org
> ---
>  libavcodec/h264.c |   11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/libavcodec/h264.c b/libavcodec/h264.c
> index d43b11e..affff36 100644
> --- a/libavcodec/h264.c
> +++ b/libavcodec/h264.c
> @@ -1763,7 +1763,6 @@ static int decode_update_thread_context(AVCodecContext 
> *dst,
>      h->picture_structure    = h1->picture_structure;
>      h->qscale               = h1->qscale;
>      h->droppable            = h1->droppable;
> -    h->data_partitioning    = h1->data_partitioning;
>      h->low_delay            = h1->low_delay;
>  
>      for (i = 0; i < MAX_PICTURE_COUNT; i++) {
> @@ -4750,6 +4749,13 @@ again:
>                  }
>                  break;
>              case NAL_DPA:
> +                if (h->avctx->flags & CODEC_FLAG2_CHUNKS) {
> +                    av_log(h->avctx, AV_LOG_ERROR,
> +                           "Decoding in chunks is not supported for "
> +                           "partitioned slices.\n");
> +                    return AVERROR(ENOSYS);
> +                }
> +
>                  init_get_bits(&hx->gb, ptr, bit_length);
>                  hx->intra_gb_ptr =
>                  hx->inter_gb_ptr = NULL;
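Review bot: The new guard in the `NAL_DPA` case tests `h->avctx->flags`, but `CODEC_FLAG2_CHUNKS` is by its name a bit of the `flags2` field, so the check as written reads the wrong word and would key off whichever `flags` bit happens to share that value. If that reading is right, chunked input would still reach the partitioned-slice path this commit means to reject. The condition should be `if (h->avctx->flags2 & CODEC_FLAG2_CHUNKS) {`. The case body continues outside the hunk.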
> @@ -4899,6 +4905,9 @@ static int h264_decode_frame(AVCodecContext *avctx, 
> void *data,
>      int ret;
>  
>      h->flags = avctx->flags;
> +    /* reset data partitioning here, to ensure GetBitContexts from previous
> +     * packets do not get used. */
> +    h->data_partitioning = 0;
>  
>      /* end of stream, output what is still in the buffers */
>  out:
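Review bot: Clearing only `h->data_partitioning` leaves `intra_gb_ptr`/`inter_gb_ptr` and the GetBitContexts behind them holding state from the previous packet, so safety depends on every reader checking the flag first. Assuming nothing between this point and the first NAL relies on them, also resetting the pointers here (`h->intra_gb_ptr = h->inter_gb_ptr = NULL;`) would turn a missed check into a NULL dereference instead of a read of freed packet data. The function body starts and ends outside the hunk and the per-slice-thread contexts are not visible, so this needs confirming against the full file.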

ok

Janne