[FFmpeg-cvslog] Merge commit '71d3305c2711d4f6ec8b92db09ff64cf4e19a58e'

Derek Buitenhuis git at videolan.org
Tue May 17 16:19:39 CEST 2016


ffmpeg | branch: master | Derek Buitenhuis <derek.buitenhuis at gmail.com> | Tue May 17 15:18:43 2016 +0100| [d55568d22a5a6e59c087b8614227d5a0a3da4164] | committer: Derek Buitenhuis

Merge commit '71d3305c2711d4f6ec8b92db09ff64cf4e19a58e'

* commit '71d3305c2711d4f6ec8b92db09ff64cf4e19a58e':
  h264_parse: make sure the ref count is zeroed on all failure paths

Merged-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d55568d22a5a6e59c087b8614227d5a0a3da4164
---

 libavcodec/h264_parse.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libavcodec/h264_parse.c b/libavcodec/h264_parse.c
index 5153ddc..4f125b5 100644
--- a/libavcodec/h264_parse.c
+++ b/libavcodec/h264_parse.c
@@ -218,7 +218,7 @@ int ff_h264_parse_ref_count(int *plist_count, int ref_count[2],
                    ref_count[0] - 1, max[0], ref_count[1] - 1, max[1]);
             ref_count[0] = ref_count[1] = 0;
             *plist_count = 0;
-            return AVERROR_INVALIDDATA;
+            goto fail;
         }
 
         if (slice_type_nos == AV_PICTURE_TYPE_B)
@@ -233,4 +233,9 @@ int ff_h264_parse_ref_count(int *plist_count, int ref_count[2],
     *plist_count = list_count;
 
     return 0;
+fail:
+    *plist_count = 0;
+    ref_count[0] = 0;
+    ref_count[1] = 0;
+    return AVERROR_INVALIDDATA;
 }


======================================================================

diff --cc libavcodec/h264_parse.c
index 5153ddc,bd1a50e..4f125b5
--- a/libavcodec/h264_parse.c
+++ b/libavcodec/h264_parse.c
@@@ -206,19 -193,13 +206,19 @@@ int ff_h264_parse_ref_count(int *plist_
  
          if (num_ref_idx_active_override_flag) {
              ref_count[0] = get_ue_golomb(gb) + 1;
 -            if (ref_count[0] < 1)
 -                goto fail;
              if (slice_type_nos == AV_PICTURE_TYPE_B) {
                  ref_count[1] = get_ue_golomb(gb) + 1;
 -                if (ref_count[1] < 1)
 -                    goto fail;
 -            }
 +            } else
 +                // full range is spec-ok in this case, even for frames
 +                ref_count[1] = 1;
 +        }
 +
 +        if (ref_count[0] - 1 > max[0] || ref_count[1] - 1 > max[1]) {
 +            av_log(logctx, AV_LOG_ERROR, "reference overflow %u > %u or %u > %u\n",
 +                   ref_count[0] - 1, max[0], ref_count[1] - 1, max[1]);
 +            ref_count[0] = ref_count[1] = 0;
 +            *plist_count = 0;
-             return AVERROR_INVALIDDATA;
++            goto fail;
          }
  
          if (slice_type_nos == AV_PICTURE_TYPE_B)



More information about the ffmpeg-cvslog mailing list