From 2d22d4307dcc1461f39a2ffb9c8db6c6b23fd080 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Thu, 29 Mar 2012 12:24:10 -0700 Subject: [PATCH] h263: more strictly forbid frame size changes with frame-mt. Prevents crashes because the old check was incomplete. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/h263dec.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index cfd9a77edb..6dba8ce1a0 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -430,6 +430,13 @@ retry: if (ret < 0){ av_log(s->avctx, AV_LOG_ERROR, "header damaged\n"); return -1; + } else if ((s->width != avctx->coded_width || + s->height != avctx->coded_height || + (s->width + 15) >> 4 != s->mb_width || + (s->height + 15) >> 4 != s->mb_height) && + (HAVE_THREADS && (s->avctx->active_thread_type & FF_THREAD_FRAME))) { + av_log_missing_feature(s->avctx, "Width/height/bit depth/chroma idc changing with threads is", 0); + return AVERROR_PATCHWELCOME; // width / height changed during parallelized decoding } avctx->has_b_frames= !s->low_delay; @@ -571,11 +578,6 @@ retry: /* H.263 could change picture size any time */ ParseContext pc= s->parse_context; //FIXME move these demuxng hack to avformat - if (HAVE_THREADS && (s->avctx->active_thread_type&FF_THREAD_FRAME)) { - av_log_missing_feature(s->avctx, "Width/height/bit depth/chroma idc changing with threads is", 0); - return -1; // width / height changed during parallelized decoding - } - s->parse_context.buffer=0; ff_MPV_common_end(s); s->parse_context= pc;