Changeset 96fca586a4d2b5e03545733acde884326616bca8

Timestamp:
03/31/08 10:17:53 (5 months ago)
Author:
Jean-Paul Saman <jpsaman@videolan.org>
git-committer:
Jean-Paul Saman <jpsaman@videolan.org> 1206951473 +0200
git-parent:

[ab4e8a39d0b2d9c2998d7ab248b83463fd67f2a1]

git-author:
Rafaël Carré <funman@videolan.org> 1206949078 +0200
Message:

Really fix H264 packetizing: abort PacketizeAVC1() if computed size is too huge

Files:

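--- a/modules/packetizer/h264.c
+++ b/modules/packetizer/h264.c
@@ -448,20 +448,21 @@
         }
 
-        if( i_size > 0 && i_size < p_block->i_buffer )
-        {
-            block_t *p_part = nal_get_annexeb( p_dec, p, i_size );
-            if( !p_part )
-            {
-                block_Release( p_block );
-                return NULL;
-            }
-            p_part->i_dts = p_block->i_dts;
-            p_part->i_pts = p_block->i_pts;
-
-            /* Parse the NAL */
-            if( ( p_pic = ParseNALBlock( p_dec, p_part ) ) )
-            {
-                block_ChainAppend( &p_ret, p_pic );
-            }
+        if( i_size <= 0 ||
+            i_size >= ( p - p_block->p_buffer + p_block->i_buffer ) )
+        {
+            msg_Err( p_dec, "Broken frame : size %d is too big", i_size );
+            break;
+        }
+
+        block_t *p_part = nal_get_annexeb( p_dec, p, i_size );
+        if( !p_part )
+            break;
+        p_part->i_dts = p_block->i_dts;
+        p_part->i_pts = p_block->i_pts;
+
+        /* Parse the NAL */
+        if( ( p_pic = ParseNALBlock( p_dec, p_part ) ) )
+        {
+            block_ChainAppend( &p_ret, p_pic );
         }
         p += i_size;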
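Review bot: The new bound at new line 451 adds the consumed offset to the buffer length instead of subtracting it, so `p - p_block->p_buffer + p_block->i_buffer` is never smaller than `i_buffer` and a length prefix larger than the bytes left after `p` still passes. The bytes remaining are `p_block->p_buffer + p_block->i_buffer - p`, so the check should read `if( i_size <= 0 || i_size > ( p_block->p_buffer + p_block->i_buffer - p ) )`, using `>` so that a NAL ending exactly at the end of the block is still accepted. As written, `nal_get_annexeb( p_dec, p, i_size )` receives a stream-supplied size that can extend past the end of `p_block` (presumably an out-of-bounds read when it copies the payload; its body is not in this hunk), and `p += i_size` then moves `p` beyond the buffer. The `msg_Err` text also reports "too big" when the failing condition is `i_size <= 0`. The enclosing loop and the code reached by the two new `break` statements are outside the hunk, so confirm that `p_block` is still released on those paths now that the explicit `block_Release( p_block )` is gone.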