xenia-project/FFmpeg
1
0
Fork 0
mirror of https://github.com/xenia-project/FFmpeg.git synced 2024-11-25 04:30:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

h264: move next/last picture init to decode_slice_header

Browse Source 
This is a regression introduced from the h264/mpegvideo split
Fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-02-21 20:05:43 +01:00
parent 669d50b445
commit 8036ba299d
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavcodec/h264.c
View File

@ -1726,6 +1726,8 @@ int ff_h264_frame_start(H264Context *h)
h->cur_pic.f.extended_data = h->cur_pic.f.data;
ff_er_frame_start(&h->er);
h->er.last_pic =
h->er.next_pic = NULL;
assert(h->linesize && h->uvlinesize);
@ -2737,8 +2739,6 @@ static int field_end(H264Context *h, int in_setup)
*/
if (!FIELD_PICTURE && h->current_slice && !h->sps.new) {
h->er.cur_pic = h->cur_pic_ptr;
h->er.last_pic = h->ref_count[0] ? &h->ref_list[0][0] : NULL;
h->er.next_pic = h->ref_count[1] ? &h->ref_list[1][0] : NULL;
ff_er_frame_end(&h->er);
}
emms_c();
@ -3720,6 +3720,9 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
(h->ref_list[j][i].f.reference & 3);
}
if (h->ref_count[0]) h->er.last_pic = &h->ref_list[0][0];
if (h->ref_count[1]) h->er.next_pic = &h->ref_list[1][0];
if (h->avctx->debug & FF_DEBUG_PICT_INFO) {
av_log(h->avctx, AV_LOG_DEBUG,
"slice:%d %s mb:%d %c%s%s pps:%u frame:%d poc:%d/%d ref:%d/%d qp:%d loop:%d:%d:%d weight:%d%s %s\n",