[vlc-devel] commit: Really fix H264 packetizing: abort PacketizeAVC1() if computed size is too huge ( Rafaël Carré )

git version control git at videolan.org
Mon Mar 31 15:03:07 CEST 2008


vlc | branch: 0.8.6-bugfix | Rafaël Carré <funman at videolan.org> | Mon Mar 31 09:37:58 2008 +0200| [f928f7dbfc835398f88230b6ef4dc2ebb2cd153f]

Really fix H264 packetizing: abort PacketizeAVC1() if computed size is too huge
(cherry picked from commit 96fca586a4d2b5e03545733acde884326616bca8)

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=f928f7dbfc835398f88230b6ef4dc2ebb2cd153f
---

 modules/packetizer/h264.c |   29 +++++++++++++++--------------
 1 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/modules/packetizer/h264.c b/modules/packetizer/h264.c
index cd8d95a..4223e15 100644
--- a/modules/packetizer/h264.c
+++ b/modules/packetizer/h264.c
@@ -443,22 +443,23 @@ static block_t *PacketizeAVC1( decoder_t *p_dec, block_t **pp_block )
             i_size = (i_size << 8) | (*p++);
         }
 
-        if( i_size > 0 && i_size < p_block->i_buffer )
+        if( i_size <= 0 ||
+            i_size >= ( p - p_block->p_buffer + p_block->i_buffer ) )
         {
-            block_t *p_part = nal_get_annexeb( p_dec, p, i_size );
-            if( !p_part )
-            {
-                block_Release( p_block );
-                return NULL;
-            }
-            p_part->i_dts = p_block->i_dts;
-            p_part->i_pts = p_block->i_pts;
+            msg_Err( p_dec, "Broken frame : size %d is too big", i_size );
+            break;
+        }
 
-            /* Parse the NAL */
-            if( ( p_pic = ParseNALBlock( p_dec, p_part ) ) )
-            {
-                block_ChainAppend( &p_ret, p_pic );
-            }
+        block_t *p_part = nal_get_annexeb( p_dec, p, i_size );
+        if( !p_part )
+            break;
+        p_part->i_dts = p_block->i_dts;
+        p_part->i_pts = p_block->i_pts;
+
+        /* Parse the NAL */
+        if( ( p_pic = ParseNALBlock( p_dec, p_part ) ) )
+        {
+            block_ChainAppend( &p_ret, p_pic );
         }
         p += i_size;
     }
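Review bot: The bound in the added `if` compares `i_size` with `p - p_block->p_buffer + p_block->i_buffer`, which is the bytes already consumed plus the whole buffer length, so it grows as `p` advances and is looser than the `i_size < p_block->i_buffer` test it replaces. Assuming `p_buffer` and `i_buffer` are the block's start and length, a length prefix read from the stream can still make `nal_get_annexeb( p_dec, p, i_size )` read past the end of the block. The remaining-bytes form would be `if( i_size <= 0 || i_size > ( p_block->p_buffer + p_block->i_buffer - p ) )`. The loop header and the code after the loop are outside the hunk, so whether `p_block` is still released on the new `break` paths cannot be confirmed from here.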



