[FFmpeg-cvslog] vc1dec: dont decode slices when the slice header failed to decode.

Michael Niedermayer git at videolan.org
Tue Feb 19 22:04:18 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Feb 19 21:40:09 2013 +0100| [ce153eef8ffdd10ead74ad4646eb784be1c5b107] | committer: Michael Niedermayer

vc1dec: dont decode slices when the slice header failed to decode.

Fixes assertion failure

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ce153eef8ffdd10ead74ad4646eb784be1c5b107
---

 libavcodec/vc1dec.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index a3476fd..ada8375 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -5640,6 +5640,8 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data,
                 goto err;
         }
     } else {
+        int header_ret = 0;
+
         if (v->fcm == ILACE_FRAME && s->pict_type == AV_PICTURE_TYPE_B)
             goto err; // This codepath is still incomplete thus it is disabled
 
@@ -5683,18 +5685,20 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data,
             if (i) {
                 v->pic_header_flag = 0;
                 if (v->field_mode && i == n_slices1 + 2) {
-                    if (ff_vc1_parse_frame_header_adv(v, &s->gb) < 0) {
+                    if ((header_ret = ff_vc1_parse_frame_header_adv(v, &s->gb)) < 0) {
                         av_log(v->s.avctx, AV_LOG_ERROR, "Field header damaged\n");
                         continue;
                     }
                 } else if (get_bits1(&s->gb)) {
                     v->pic_header_flag = 1;
-                    if (ff_vc1_parse_frame_header_adv(v, &s->gb) < 0) {
+                    if ((header_ret = ff_vc1_parse_frame_header_adv(v, &s->gb)) < 0) {
                         av_log(v->s.avctx, AV_LOG_ERROR, "Slice header damaged\n");
                         continue;
                     }
                 }
             }
+            if (header_ret < 0)
+                continue;
             s->start_mb_y = (i == 0) ? 0 : FFMAX(0, slices[i-1].mby_start % mb_height);
             if (!v->field_mode || v->second_field)
                 s->end_mb_y = (i == n_slices     ) ? mb_height : FFMIN(mb_height, slices[i].mby_start % mb_height);



More information about the ffmpeg-cvslog mailing list