h264: Fix a possible overread in decode_nal_units()
authorAlexander Strange <astrange@ithinksw.com>
Mon, 12 Dec 2011 23:13:39 +0000 (18:13 -0500)
committerMichael Niedermayer <michaelni@gmx.at>
Tue, 3 Jan 2012 21:27:36 +0000 (22:27 +0100)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit bc6a3bd4a544608211f006e2d2868cbed4e1fde6)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
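--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -3803,7 +3803,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
         int err;
 
         if(buf_index >= next_avc) {
-            if(buf_index >= buf_size) break;
+            if (buf_index >= buf_size - h->nal_length_size) break;
             nalsize = 0;
             for(i = 0; i < h->nal_length_size; i++)
                 nalsize = (nalsize << 8) | buf[buf_index++];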
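Review bot: The new guard `if (buf_index >= buf_size - h->nal_length_size) break;` bounds only the read of the length prefix (plus one following byte). The `nalsize` assembled from those bytes comes straight from the stream and still has to be validated against `buf_size - buf_index` before the payload is consumed. That check, if present, lies outside this hunk and is worth confirming. The guard also relies on the subtraction being signed: `buf_size` is `int` per the signature, but the type of `nal_length_size` is not visible here, and if it were unsigned a `buf_size` smaller than it would wrap and let the loop run past the buffer. A one-line comment would record the intent, e.g. `/* need nal_length_size prefix bytes plus at least one payload byte */`. The body of decode_nal_units starts and ends outside the hunk.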