[Ffmpeg-devel] [BUG] Segfault in h264 decoder on corrupt input

Reinhard Nissl rnissl
Thu Mar 15 19:37:32 CET 2007


Hi,

Michael Niedermayer wrote:

>> @@ -8175,7 +8178,7 @@
>>  
>>              if(decode_slice_header(h) < 0){
>>                  av_log(h->s.avctx, AV_LOG_ERROR, "decode_slice_header error\n");
>> -                break;
>> +                return -1;
>>              }
>>              s->current_picture_ptr->key_frame= (h->nal_unit_type == NAL_IDR_SLICE);
>>              if(h->redundant_pic_count==0 && s->hurry_up < 5
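
Review bot: In the decode_slice_header() failure branch, replacing `break;` with `return -1;` leaves the function immediately, so anything that used to run after the `break` is now skipped, and the hunk shows no release or reset of state before the return. Either keep the `break` and record the error so the existing exit path still runs, or perform the required reset right before `return -1;` and add a comment saying what state the caller can rely on after this error.
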
> 
> not ok
> 
>> @@ -8193,6 +8196,7 @@
>>  
>>              if(decode_slice_header(h) < 0){
>>                  av_log(h->s.avctx, AV_LOG_ERROR, "decode_slice_header error\n");
>> +                return -1;
>>              }
>>              break;
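
Review bot: The `return -1;` added in this second decode_slice_header() error branch duplicates the first hunk's handling, and it has the same gap: nothing is cleaned up between the av_log() call and the return. Previously this branch only logged and fell through to `break;`. With the same failure now handled in two places, a single shared error exit would keep whatever cleanup turns out to be required in one spot instead of repeating a bare return after each av_log() call.
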
> 
> not ok

Michael, would you please drop a few lines on why these two changes are not
ok, or post a hint about what is missing to make them ok?

I assume that there is some cleanup code missing before "return -1;".
As you suggested for PAFF ("if the headers in h.264 say PAFF then the
damn decoder should return -1; not set picture_structure ! until PAFF is
implemented at least ...") I've tried to add this return -1, but didn't
have success so far, most likely due to some missing code before the return.

Bye.
-- 
Dipl.-Inform. (FH) Reinhard Nissl
mailto:rnissl at gmx.de
