[FFmpeg-cvslog] avcodec/h264_slice: Use w/h from the AVFrame instead of mb_w/h

Michael Niedermayer git at videolan.org
Sat Jul 18 20:46:04 CEST 2015


ffmpeg | branch: release/2.7 | Michael Niedermayer <michaelni at gmx.at> | Tue Jun 30 19:37:12 2015 +0200| [65aac419e53a7f6ed6df1e6bebfc31c6aff3321a] | committer: Michael Niedermayer

avcodec/h264_slice: Use w/h from the AVFrame instead of mb_w/h

Fixes out of array access
Fixes: asan_heap-oob_4d5bb0_682_cov_3124593265_Fraunhofer__a_driving_force_in_innovation__small.mp4

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 330863c9f19a23c500ba7901a23f1cc377b353bb)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=65aac419e53a7f6ed6df1e6bebfc31c6aff3321a
---

 libavcodec/h264_slice.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index 0712f2d..968e3ec 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -1558,8 +1558,8 @@ int ff_h264_decode_slice_header(H264Context *h, H264SliceContext *sl)
                                   (const uint8_t **)prev->f->data,
                                   prev->f->linesize,
                                   prev->f->format,
-                                  h->mb_width  * 16,
-                                  h->mb_height * 16);
+                                  prev->f->width,
+                                  prev->f->height);
                     h->short_ref[0]->poc = prev->poc + 2;
                 }
                 h->short_ref[0]->frame_num = h->prev_frame_num;
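Review bot: at the two replaced size arguments, the copy is now bounded only by the source frame (`prev->f->width`, `prev->f->height`), and nothing visible in this hunk guarantees that the destination planes are at least that large. The source pointers, linesize and format all come from `prev->f`, so taking the dimensions from the same AVFrame is the right bound for the read side. The write side deserves the same treatment: either assert that the destination frame's width and height are at least those of `prev->f`, or pass the minimum of the two frames' dimensions. Separately, the commit message does not say under what condition `h->mb_width * 16` and `h->mb_height * 16` differ from the dimensions of `prev->f`. A short comment above the call stating that the context's macroblock dimensions may not match the previous frame would keep a later cleanup from reverting to the context fields.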


