From 732f9fcfe54fc9a0a7bbce53fe86b38744c2d301 Mon Sep 17 00:00:00 2001
From: "Ronald S. Bultje"
Date: Thu, 29 Mar 2012 16:37:09 -0700
Subject: [PATCH] h264: additional protection against unsupported size/bitdepth changes.

Fixes crashes in codepaths not covered by original checks.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
---
 libavcodec/h264.c | 4 ++--
 libavcodec/h264_ps.c | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 890dd223f3..6ed251ecf2 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -2971,10 +2971,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
 if (s->context_initialized && (s->width != s->avctx->width || s->height != s->avctx->height || av_cmp_q(h->sps.sar, s->avctx->sample_aspect_ratio))) {
- if (h != h0) {
+ if (h != h0 || (HAVE_THREADS && h->s.avctx->active_thread_type & FF_THREAD_FRAME)) {
 av_log_missing_feature(s->avctx, "Width/height changing with threads is", 0);
- return -1; // width / height changed during parallelized decoding
+ return AVERROR_PATCHWELCOME; // width / height changed during parallelized decoding
 }
 free_tables(h, 0);
 flush_dpb(s->avctx);
diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c
index 354469c9ad..3f53af82a2 100644
--- a/libavcodec/h264_ps.c
+++ b/libavcodec/h264_ps.c
@@ -475,6 +475,9 @@ int ff_h264_decode_picture_parameter_set(H264Context *h, int bit_length){
 if(pps_id >= MAX_PPS_COUNT) {
 av_log(h->s.avctx, AV_LOG_ERROR, "pps_id (%d) out of range\n", pps_id);
 return -1;
+ } else if (h->sps.bit_depth_luma > 10) {
+ av_log(h->s.avctx, AV_LOG_ERROR, "Unimplemented luma bit depth=%d (max=10)\n", h->sps.bit_depth_luma);
+ return AVERROR_PATCHWELCOME;
 }
 pps= av_mallocz(sizeof(PPS));
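Review bot: The added frame-threading test on the `if (h != h0 || ...)` line spells the codec context `h->s.avctx` while the rest of the hunk uses `s->avctx`, and it leans on `&` binding tighter than `&&`. Writing it as `if (h != h0 || (HAVE_THREADS && (s->avctx->active_thread_type & FF_THREAD_FRAME))) {` (assuming `s` points at `h->s`) keeps the guard readable at a glance. The enclosing condition compares only width, height and sample aspect ratio, so a mid-stream bit-depth change does not appear to reach this rejection path. If that case is caught elsewhere in decode_slice_header, whose body continues outside the hunk, a short comment here saying where would help the next reader of this crash fix.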
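Review bot: The new `else if (h->sps.bit_depth_luma > 10)` test reads `h->sps`, the SPS currently held in the context, and nothing in the hunk shows that this is the SPS the PPS being parsed refers to. If the PPS's own SPS reference is read later in ff_h264_decode_picture_parameter_set (the body continues outside the hunk), a PPS naming a different SPS with an unsupported depth would presumably pass this guard, so the check is better placed after that lookup and applied to the referenced SPS. Only luma depth is tested; chroma depth probably needs the same cap. Chaining the test as `else if` onto the `pps_id` range check also ties two unrelated validations together; a separate `if` with a comment such as `/* bit depths above 10 are not implemented; reject before allocating the PPS */` reads more clearly.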