[Ffmpeg-devel] [BUG] Segfault in h264 decoder on corrupt input

Matthias Hopf mat
Thu Mar 15 19:52:45 CET 2007


On Mar 15, 07 19:37:32 +0100, Reinhard Nissl wrote:
> Michael Niedermayer wrote:
> >> @@ -8175,7 +8178,7 @@
> >>  
> >>              if(decode_slice_header(h) < 0){
> >>                  av_log(h->s.avctx, AV_LOG_ERROR, "decode_slice_header error\n");
> >> -                break;
> >> +                return -1;
> >>              }
> >>              s->current_picture_ptr->key_frame= (h->nal_unit_type == NAL_IDR_SLICE);
> >>              if(h->redundant_pic_count==0 && s->hurry_up < 5
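Review bot: The `return -1;` in the `decode_slice_header(h) < 0` branch leaves the whole function on the first bad slice header, where the old `break;` only left the enclosing block. Anything that follows that block no longer runs for this input. The hunk does not show which later access faults after a failed header, so the patch description should name the state that is left invalid. Either guard that state where it is used, or add a comment here saying why returning without cleanup is safe.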
> > 
> > not ok
> > 
> >> @@ -8193,6 +8196,7 @@
> >>  
> >>              if(decode_slice_header(h) < 0){
> >>                  av_log(h->s.avctx, AV_LOG_ERROR, "decode_slice_header error\n");
> >> +                return -1;
> >>              }
> >>              break;
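Review bot: In this second `decode_slice_header(h) < 0` branch the failure was previously only logged before reaching `break;`, and the added `return -1;` now aborts the function with no comment explaining why a logged error is no longer enough. Both sites now carry the same log-and-return handling, so consider routing them through one shared error path. Any cleanup later found necessary would then be added in one place.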
> > 
> > not ok
> 
> Michael, would you please drop a few lines why these two changes are not
> ok respectively post a hint what is missing to make them ok?

Especially, as without these lines the segfault does *not* vanish?

> I assume, that there is some cleanup code missing before "return -1;".

That could well be, AFAIU the code I couldn't see anything. Also, I've
run several tests already, none of them crashed any more.

Thanks

Matthias

-- 
Matthias Hopf <mhopf at suse.de>      __        __   __
Maxfeldstr. 5 / 90409 Nuernberg   (_   | |  (_   |__          mat at mshopf.de
Phone +49-911-74053-715           __)  |_|  __)  |__  R & D   www.mshopf.de



