Merge commit '76f7e70aa04fc5dbef5242b11cbf8fe4499f61d4'
authorClément Bœsch <cboesch@gopro.com>
Tue, 31 Jan 2017 16:17:21 +0000 (17:17 +0100)
committerClément Bœsch <cboesch@gopro.com>
Tue, 31 Jan 2017 16:23:14 +0000 (17:23 +0100)
* commit '76f7e70aa04fc5dbef5242b11cbf8fe4499f61d4':
  h264dec: handle zero-sized NAL units in get_last_needed_nal()

See 641dccc2aa5e0bf6b3c06998f9a7f24a5cf725e7

Merged-by: Clément Bœsch <cboesch@gopro.com>
1  2 
libavcodec/h264dec.c

@@@ -536,9 -478,7 +536,8 @@@ static const uint8_t start_code[] = { 0
  static int get_last_needed_nal(H264Context *h)
  {
      int nals_needed = 0;
-     int i;
-     int ret;
 +    int first_slice = 0;
+     int i, ret;
  
      for (i = 0; i < h->pkt.nb_nals; i++) {
          H2645NAL *nal = &h->pkt.nals[i];
          case H264_NAL_DPA:
          case H264_NAL_IDR_SLICE:
          case H264_NAL_SLICE:
-             ret = init_get_bits8(&gb, nal->data + 1, (nal->size - 1));
-             if (ret < 0)
-                 return ret;
+             ret = init_get_bits8(&gb, nal->data + 1, nal->size - 1);
+             if (ret < 0) {
+                 av_log(h->avctx, AV_LOG_ERROR, "Invalid zero-sized VCL NAL unit\n");
+                 if (h->avctx->err_recognition & AV_EF_EXPLODE)
+                     return ret;
+                 break;
+             }
 -            if (!get_ue_golomb(&gb))
 +            if (!get_ue_golomb_long(&gb) ||  // first_mb_in_slice
 +                !first_slice ||
 +                first_slice != nal->type)
                  nals_needed = i;
 +            if (!first_slice)
 +                first_slice = nal->type;
          }
      }