virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-15 14:13:16 +02:00
Code Issues Releases Activity

avcodec/h264_slice: ignore SAR changes in slices after the first

Browse Source 
Fixes race condition and null pointer dereference
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2015-02-07 03:34:48 +01:00
parent f111831ed6
commit 38d5241b7f
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/h264_slice.c
View File

@@ -1410,13 +1410,15 @@ int ff_h264_decode_slice_header(H264Context *h, H264Context *h0)
|| 16*h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) != h->avctx->coded_height || 16*h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) != h->avctx->coded_height
|| h->avctx->bits_per_raw_sample != h->sps.bit_depth_luma || h->avctx->bits_per_raw_sample != h->sps.bit_depth_luma
|| h->cur_chroma_format_idc != h->sps.chroma_format_idc || h->cur_chroma_format_idc != h->sps.chroma_format_idc
|| av_cmp_q(h->sps.sar, h->avctx->sample_aspect_ratio)
|| h->mb_width != h->sps.mb_width || h->mb_width != h->sps.mb_width
|| h->mb_height != h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) || h->mb_height != h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag)
)); ));
if (non_j_pixfmt(h0->avctx->pix_fmt) != non_j_pixfmt(get_pixel_format(h0, 0))) if (non_j_pixfmt(h0->avctx->pix_fmt) != non_j_pixfmt(get_pixel_format(h0, 0)))
must_reinit = 1; must_reinit = 1;
if (first_slice && av_cmp_q(h->sps.sar, h->avctx->sample_aspect_ratio))
must_reinit = 1;
h->mb_width = h->sps.mb_width; h->mb_width = h->sps.mb_width;
h->mb_height = h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag); h->mb_height = h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag);
h->mb_num = h->mb_width * h->mb_height; h->mb_num = h->mb_width * h->mb_height;