From bb7bf175951475235ee7d0504198c4a30cf5d5dd Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 19 Feb 2013 21:40:09 +0100 Subject: [PATCH] vc1dec: Don't decode slices when the latest slice header failed to decode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö --- libavcodec/vc1dec.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 4fcc818210..602b155ecb 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -5972,6 +5972,8 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data, if (avctx->hwaccel->end_frame(avctx) < 0) goto err; } else { + int header_ret = 0; + ff_mpeg_er_frame_start(s); v->bits = buf_size * 8; @@ -6009,18 +6011,20 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data, if (i) { v->pic_header_flag = 0; if (v->field_mode && i == n_slices1 + 2) { - if (ff_vc1_parse_frame_header_adv(v, &s->gb) < 0) { + if ((header_ret = ff_vc1_parse_frame_header_adv(v, &s->gb)) < 0) { av_log(v->s.avctx, AV_LOG_ERROR, "Field header damaged\n"); continue; } } else if (get_bits1(&s->gb)) { v->pic_header_flag = 1; - if (ff_vc1_parse_frame_header_adv(v, &s->gb) < 0) { + if ((header_ret = ff_vc1_parse_frame_header_adv(v, &s->gb)) < 0) { av_log(v->s.avctx, AV_LOG_ERROR, "Slice header damaged\n"); continue; } } } + if (header_ret < 0) + continue; s->start_mb_y = (i == 0) ? 0 : FFMAX(0, slices[i-1].mby_start % mb_height); if (!v->field_mode || v->second_field) s->end_mb_y = (i == n_slices ) ? mb_height : FFMIN(mb_height, slices[i].mby_start % mb_height);