1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00

avcodec/h264_slice: Dont reset mb_aff_frame per slice

Fixes null pointer dereference
Fixes Ticket4440

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2015-04-08 12:29:47 +02:00
parent 795199fca4
commit 386601286f

View File

@ -1198,6 +1198,7 @@ int ff_h264_decode_slice_header(H264Context *h, H264SliceContext *sl)
int field_pic_flag, bottom_field_flag;
int first_slice = sl == h->slice_ctx && !h->current_slice;
int frame_num, picture_structure, droppable;
int mb_aff_frame, last_mb_aff_frame;
PPS *pps;
h->qpel_put = h->h264qpel.put_h264_qpel_pixels_tab;
@ -1433,12 +1434,13 @@ int ff_h264_decode_slice_header(H264Context *h, H264SliceContext *sl)
}
sl->mb_mbaff = 0;
h->mb_aff_frame = 0;
last_mb_aff_frame = h->mb_aff_frame;
last_pic_structure = h->picture_structure;
last_pic_droppable = h->droppable;
droppable = h->nal_ref_idc == 0;
if (h->sps.frame_mbs_only_flag) {
picture_structure = PICT_FRAME;
mb_aff_frame = 0;
} else {
if (!h->sps.direct_8x8_inference_flag && slice_type == AV_PICTURE_TYPE_B) {
av_log(h->avctx, AV_LOG_ERROR, "This stream was generated by a broken encoder, invalid 8x8 inference\n");
@ -1451,12 +1453,13 @@ int ff_h264_decode_slice_header(H264Context *h, H264SliceContext *sl)
picture_structure = PICT_TOP_FIELD + bottom_field_flag;
} else {
picture_structure = PICT_FRAME;
h->mb_aff_frame = h->sps.mb_aff;
mb_aff_frame = h->sps.mb_aff;
}
}
if (h->current_slice) {
if (last_pic_structure != picture_structure ||
last_pic_droppable != droppable) {
last_pic_droppable != droppable ||
last_mb_aff_frame != mb_aff_frame) {
av_log(h->avctx, AV_LOG_ERROR,
"Changing field mode (%d -> %d) between slices is not allowed\n",
last_pic_structure, h->picture_structure);
@ -1472,6 +1475,7 @@ int ff_h264_decode_slice_header(H264Context *h, H264SliceContext *sl)
h->picture_structure = picture_structure;
h->droppable = droppable;
h->frame_num = frame_num;
h->mb_aff_frame = mb_aff_frame;
sl->mb_field_decoding_flag = picture_structure != PICT_FRAME;
if (h->current_slice == 0) {