fix crash when decoding a truncated H264 slice

patch by Alexander Chemeris % ipse P ffmpeg A gmail.com %
Original thread:
date: Dec 5, 2006 7:26 PM
subject: [Ffmpeg-devel] [PATCH] Fix crush when truncated slice passed to H.264 decoder

Originally committed as revision 7229 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 1c02adc3145dd359b2dc39e61939de49d496e578..73d10c8b2d0fe1a86b2d7fc23240da58b9ae4909 100644 (file)
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -4883,6 +4883,10 @@ static int decode_residual(H264Context *h, GetBitContext *gb, DCTELEM *block, in
 
     if(total_coeff==0)
         return 0;
+    if(total_coeff<0) {
+        av_log(h->s.avctx, AV_LOG_ERROR, "corrupted macroblock %d %d (total_coeff<0)\n", s->mb_x, s->mb_y);
+        return -1;
+    }
 
     trailing_ones= coeff_token&3;
     tprintf("trailing:%d, total:%d\n", trailing_ones, total_coeff);