[FFmpeg-cvslog] avcodec/svq3: Reintroduce slice_type

2016-09-28 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Thu Sep  8 21:15:55 2016 +0200| [ed1c6f701a7861c77e89530d081e87da6fb3d3a7] | 
committer: Michael Niedermayer

avcodec/svq3: Reintroduce slice_type

Fixes out of array read
Fixes: 
1642cd3962249d6aaf0eec2836023fb6/signal_sigsegv_2557a72_2995_04efaf2ff57a052f609a3b4a2ea4e622.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 2d3099ad8ee67a4612633ea02c7fce10e5537579)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed1c6f701a7861c77e89530d081e87da6fb3d3a7
---

 libavcodec/svq3.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index 5e7d164..8c176f6 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -102,6 +102,7 @@ typedef struct SVQ3Context {
 int prev_frame_num;
 
 enum AVPictureType pict_type;
+enum AVPictureType slice_type;
 int low_delay;
 
 int mb_x, mb_y;
@@ -1057,7 +1058,7 @@ static int svq3_decode_slice_header(AVCodecContext *avctx)
 return -1;
 }
 
-s->pict_type = ff_h264_golomb_to_pict_type[slice_id];
+s->slice_type = ff_h264_golomb_to_pict_type[slice_id];
 
 if ((header & 0x9F) == 2) {
 i = (s->mb_num < 64) ? 6 : (1 + av_log2(s->mb_num - 1));
@@ -1426,6 +1427,8 @@ static int svq3_decode_frame(AVCodecContext *avctx, void 
*data,
 if (svq3_decode_slice_header(avctx))
 return -1;
 
+s->pict_type = s->slice_type;
+
 if (s->pict_type != AV_PICTURE_TYPE_B)
 FFSWAP(H264Picture*, s->next_pic, s->last_pic);
 
@@ -1539,6 +1542,9 @@ static int svq3_decode_frame(AVCodecContext *avctx, void 
*data,
 if (svq3_decode_slice_header(avctx))
 return -1;
 }
+if (s->slice_type != s->pict_type) {
+avpriv_request_sample(avctx, "non constant slice type\n");
+}
 /* TODO: support s->mb_skip_run */
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/svq3: Reintroduce slice_type

2016-09-08 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Thu 
Sep  8 21:15:55 2016 +0200| [2d3099ad8ee67a4612633ea02c7fce10e5537579] | 
committer: Michael Niedermayer

avcodec/svq3: Reintroduce slice_type

Fixes out of array read
Fixes: 
1642cd3962249d6aaf0eec2836023fb6/signal_sigsegv_2557a72_2995_04efaf2ff57a052f609a3b4a2ea4e622.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2d3099ad8ee67a4612633ea02c7fce10e5537579
---

 libavcodec/svq3.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index 653a6db..5aedc1e 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -115,6 +115,7 @@ typedef struct SVQ3Context {
 int prev_frame_num;
 
 enum AVPictureType pict_type;
+enum AVPictureType slice_type;
 int low_delay;
 
 int mb_x, mb_y;
@@ -1070,7 +1071,7 @@ static int svq3_decode_slice_header(AVCodecContext *avctx)
 return -1;
 }
 
-s->pict_type = ff_h264_golomb_to_pict_type[slice_id];
+s->slice_type = ff_h264_golomb_to_pict_type[slice_id];
 
 if ((header & 0x9F) == 2) {
 i = (s->mb_num < 64) ? 6 : (1 + av_log2(s->mb_num - 1));
@@ -1439,6 +1440,8 @@ static int svq3_decode_frame(AVCodecContext *avctx, void 
*data,
 if (svq3_decode_slice_header(avctx))
 return -1;
 
+s->pict_type = s->slice_type;
+
 if (s->pict_type != AV_PICTURE_TYPE_B)
 FFSWAP(SVQ3Frame*, s->next_pic, s->last_pic);
 
@@ -1552,6 +1555,9 @@ static int svq3_decode_frame(AVCodecContext *avctx, void 
*data,
 if (svq3_decode_slice_header(avctx))
 return -1;
 }
+if (s->slice_type != s->pict_type) {
+avpriv_request_sample(avctx, "non constant slice type\n");
+}
 /* TODO: support s->mb_skip_run */
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog