From a083f53c453846811f11ae650f047cdfdef18ae2 Mon Sep 17 00:00:00 2001
From: Alexander Chemeris
Date: Tue, 5 Dec 2006 22:18:19 +0000
Subject: [PATCH] fix crash when decoding a truncated H264 slice patch by Alexander Chemeris % ipse P ffmpeg A gmail.com % Original thread: date: Dec 5, 2006 7:26 PM subject: [Ffmpeg-devel] [PATCH] Fix crush when truncated slice passed to H.264 decoder Originally committed as revision 7229 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/h264.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 1c02adc314..73d10c8b2d 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -4883,6 +4883,10 @@ static int decode_residual(H264Context *h, GetBitContext *gb, DCTELEM *block, in
 if(total_coeff==0)
 return 0;
+ if(total_coeff<0) {
+ av_log(h->s.avctx, AV_LOG_ERROR, "corrupted macroblock %d %d (total_coeff<0)\n", s->mb_x, s->mb_y);
+ return -1;
+ }
 trailing_ones= coeff_token&3;
 tprintf("trailing:%d, total:%d\n", trailing_ones, total_coeff);
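Review bot: The new guard in decode_residual rejects only `total_coeff<0`, so a corrupted stream that yields a count larger than the block can hold could still get past it; nothing visible in this hunk bounds the value from above before it is used. If the function carries a per-call coefficient limit (the signature is cut off in the hunk header, and the body continues outside the hunk), one unsigned comparison covers both ends: `if(total_coeff > (unsigned)max_coeff) {`. Printing the offending value in the log line (`total_coeff=%d`) would also make the corrupted-macroblock message more useful when triaging malformed input. Minor style point: the call mixes `h->s.avctx` with `s->mb_x`; `s->avctx` would be consistent, assuming `s` aliases `&h->s`.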