[Ffmpeg-devel] h264 decoder bug
Wed Aug 16 14:49:57 CEST 2006
There is a nasty little bug in h264.c.
In function decode_residual(), the variable total_coeff is assigned through
a call to pred_non_zero_count(), which limits the return value to a maximum
of 31; however, the variable total_coeff is then used to access the elements
in the coeff_token_table_index array, which only contains 16 items. As you
would expect, this causes a crash.
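
The mismatch described in the message, as an added C example that is not ffmpeg's code and not part of the original post. Only the 16-entry table size and the cap of 31 come from the message; the table contents, the predictor logic and every function name below are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16  /* the message says the index table holds 16 items */
#define PRED_MAX  31  /* the message says the predicted count is capped at 31 */

/* Constructed stand-in values, not the contents of ffmpeg's table. */
static const uint8_t token_table_index[TABLE_LEN] = {
    0, 0, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3
};

/* Hypothetical predictor: rounds the average of the available neighbour
 * counts (negative = neighbour unavailable) and caps it at PRED_MAX. */
static int predict_count(int left, int top)
{
    int v = 0;
    if (left >= 0 && top >= 0) v = (left + top + 1) >> 1;
    else if (left >= 0)        v = left;
    else if (top >= 0)         v = top;
    return v > PRED_MAX ? PRED_MAX : v;
}

/* Unchecked pattern: only valid for n < TABLE_LEN, which a cap of 31
 * does not guarantee. Indices 16..31 read past the end of the table. */
static int lookup_unchecked(int n) { return token_table_index[n]; }

/* Checked pattern: validate against the table's real size, not the cap. */
static int lookup_checked(int n, int *out)
{
    if (n < 0 || n >= TABLE_LEN) return -1;
    *out = token_table_index[n];
    return 0;
}

/* Decode step built on the checked lookup: -1 means "reject this block". */
static int select_table(int left, int top)
{
    int idx;
    return lookup_checked(predict_count(left, top), &idx) < 0 ? -1 : idx;
}

int main(void)
{
    printf("in range, unchecked: %d\n", lookup_unchecked(predict_count(3, 4)));
    printf("in range, checked:   %d\n", select_table(3, 4));
    printf("count 31, checked:   %d\n", select_table(40, 40));
    return 0;
}
```

Bounding the check by the table length rather than by the predictor's cap keeps the lookup safe even if either constant changes later.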