OSDN Git Service
(root)
/
android-x86
/
external-ffmpeg.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
bfd26b7
)
h264: check that execute_decode_slices() is not called too many times
author
Anton Khirnov
<anton@khirnov.net>
Thu, 28 Nov 2013 09:54:35 +0000
(10:54 +0100)
committer
Anton Khirnov
<anton@khirnov.net>
Mon, 6 Jan 2014 07:25:25 +0000
(08:25 +0100)
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
libavcodec/h264.c
patch
|
blob
|
history
diff --git
a/libavcodec/h264.c
b/libavcodec/h264.c
index
c0dfa3d
..
7d49d48
100644
(file)
--- a/
libavcodec/h264.c
+++ b/
libavcodec/h264.c
@@
-4495,6
+4495,12
@@
static int execute_decode_slices(H264Context *h, int context_count)
H264Context *hx;
int i;
+ if (h->mb_y >= h->mb_height) {
+ av_log(h->avctx, AV_LOG_ERROR,
+ "Input contains more MB rows than the frame height.\n");
+ return AVERROR_INVALIDDATA;
+ }
+
if (h->avctx->hwaccel)
return 0;
if (context_count == 1) {
OSDN Git Service
