xenia-project/FFmpeg
1
0
Fork 0
mirror of https://github.com/xenia-project/FFmpeg.git synced 2025-02-20 12:14:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

h264dec: Prevent CABAC and CAVLC bitsteram overreading

Browse Source 
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2011-09-10 16:28:53 +02:00
parent 28ccda7823
commit 23f5cff92c
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
libavcodec/h264.c
View File

@ -174,20 +174,24 @@ const uint8_t *ff_h264_decode_nal(H264Context *h, const uint8_t *src, int *dst_l
i-= RS;
}
if(i>=length-1){ //no escaped 0
*dst_length= length;
*consumed= length+1; //+1 for the header
return src;
}
bufidx = h->nal_unit_type == NAL_DPC ? 1 : 0; // use second escape buffer for inter data
av_fast_malloc(&h->rbsp_buffer[bufidx], &h->rbsp_buffer_size[bufidx], length+FF_INPUT_BUFFER_PADDING_SIZE);
si=h->rbsp_buffer_size[bufidx];
av_fast_malloc(&h->rbsp_buffer[bufidx], &h->rbsp_buffer_size[bufidx], length+FF_INPUT_BUFFER_PADDING_SIZE+MAX_MBPAIR_SIZE);
dst= h->rbsp_buffer[bufidx];
if(si != h->rbsp_buffer_size[bufidx])
memset(dst + length, 0, FF_INPUT_BUFFER_PADDING_SIZE+MAX_MBPAIR_SIZE);
if (dst == NULL){
return NULL;
}
if(i>=length-1){ //no escaped 0
*dst_length= length;
*consumed= length+1; //+1 for the header
memcpy(dst, src, length);
return dst;
}
//printf("decoding esc\n");
memcpy(dst, src, i);
si=di=i;

2
libavcodec/h264.h
View File

@ -46,6 +46,8 @@
#define MAX_DELAYED_PIC_COUNT 16
#define MAX_MBPAIR_SIZE (256*1024) // a tighter bound could be calculated if someone cares about a few bytes
/* Compiling in interlaced support reduces the speed
* of progressive decoding by about 2%. */
#define ALLOW_INTERLACE