[vlc-commits] packetizer: h264: fix read check on total avcc size computation

Francois Cartegnie git at videolan.org
Wed Mar 29 10:41:13 CEST 2017 

vlc | branch: master | Francois Cartegnie <fcvlcdev at free.fr> | Tue Mar 28 16:16:32 2017 +0200| [704a10e1d1209fdb78b463c9faf602fcc7ebadf1] | committer: Francois Cartegnie

packetizer: h264: fix read check on total avcc size computation

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=704a10e1d1209fdb78b463c9faf602fcc7ebadf1
---

 modules/packetizer/dts.c      |  4 ++--
 modules/packetizer/h264_nal.c | 12 +++++++++---
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/modules/packetizer/dts.c b/modules/packetizer/dts.c
index 5e8de67..cb2a4b9 100644
--- a/modules/packetizer/dts.c
+++ b/modules/packetizer/dts.c
@@ -216,9 +216,9 @@ static block_t *PacketizeBlock( decoder_t *p_dec, block_t **pp_block )
                     return NULL;
                 break;
             }
+            /* Even frame size is likely incorrect FSIZE #18166.
+             * Sync minus one byte, we can always sync 1 byte further */
             p_sys->i_input_size = p_sys->i_next_offset
-                                /* Even frame size is likely incorrect FSIZE.
-                                 * Sync minus one byte, we can always sync 1 byte further */
                                 = (p_sys->dts.i_frame_size % 2) ? p_sys->dts.i_frame_size - 1
                                                                 : p_sys->dts.i_frame_size;
             p_sys->i_state = STATE_NEXT_SYNC;
diff --git a/modules/packetizer/h264_nal.c b/modules/packetizer/h264_nal.c
index 82f3024..db494bf 100644
--- a/modules/packetizer/h264_nal.c
+++ b/modules/packetizer/h264_nal.c
@@ -101,12 +101,12 @@ static size_t get_avcC_to_AnnexB_NAL_size( const uint8_t *p_buf, size_t i_buf )
 {
     size_t i_total = 0;
 
-    p_buf += 5;
-    i_buf -= 5;
-
     if( i_buf < H264_MIN_AVCC_SIZE )
         return 0;
 
+    p_buf += 5;
+    i_buf -= 5;
+
     for ( unsigned int j = 0; j < 2; j++ )
     {
         /* First time is SPS, Second is PPS */
@@ -115,6 +115,9 @@ static size_t get_avcC_to_AnnexB_NAL_size( const uint8_t *p_buf, size_t i_buf )
 
         for ( unsigned int i = 0; i < i_loop_end; i++ )
         {
+            if( i_buf < 2 )
+                return 0;
+
             uint16_t i_nal_size = (p_buf[0] << 8) | p_buf[1];
             if(i_nal_size > i_buf - 2)
                 return 0;
@@ -122,6 +125,9 @@ static size_t get_avcC_to_AnnexB_NAL_size( const uint8_t *p_buf, size_t i_buf )
             p_buf += i_nal_size + 2;
             i_buf -= i_nal_size + 2;
         }
+
+        if( j == 0 && i_buf < 1 )
+            return 0;
     }
     return i_total;
 }

More information about the vlc-commits mailing list