h264: avoid stuck buffer pointer in decode_nal_units
authorJindřich Makovička <makovick@gmail.com>
Sat, 29 Sep 2012 09:16:45 +0000 (11:16 +0200)
committerReinhard Tartler <siretart@tauware.de>
Sun, 10 Feb 2013 17:01:15 +0000 (18:01 +0100)
When decode_nal_units() previously encountered a NAL_END_SEQUENCE,
and there are some junk bytes left in the input buffer, but no start codes,
buf_index gets stuck 3 bytes before the end of the buffer.

This can trigger an infinite loop in the caller code, eg. in
try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes,
with 3 bytes of the input packet still available.

With this change, the remaining bytes are skipped so the whole packet gets
consumed.

CC:libav-stable@libav.org

Signed-off-by: Jindřich Makovička <makovick@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 1a8c6917f68f7378465e18f7615762bfd22704c2)

Conflicts:

libavcodec/h264.c

libavcodec/h264.c

index c8b561d..b7eacc5 100644 (file)
@@ -7456,7 +7456,11 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
                     break;
             }
 
-            if(buf_index+3 >= buf_size) break;
+
+            if (buf_index + 3 >= buf_size) {
+                buf_index = buf_size;
+                break;
+            }
 
             buf_index+=3;
         }