#define AVCODEC_MAX_AUDIO_FRAME_SIZE 131072
/**
- * Required number of zero bytes at the end of the input bitstream for decoding.
- * to avoid overreading (and possibly segfaulting)
+ * Required number of additionally allocated bytes at the end of the input bitstream for decoding.
+ * this is mainly needed because some optimized bitstream readers read
+ * 32 or 64 bit at once and could read over the end<br>
+ * Note, if the first 23 bits of the additional bytes are not 0 then damaged
+ * MPEG bitstreams could cause overread and segfault
*/
#define FF_INPUT_BUFFER_PADDING_SIZE 8
s->mb_x = 0;
s->mb_y++;
+
+ if(s->mb_y<<field_pic >= s->mb_height){
+ int left= s->gb.size_in_bits - get_bits_count(&s->gb);
+
+ if(left < 0 || (left && show_bits(&s->gb, FFMIN(left, 23)))
+ || (avctx->error_resilience >= FF_ER_AGGRESSIVE && left>8)){
+ fprintf(stderr, "end missmatch left=%d\n", left);
+ return -1;
+ }else
+ goto eos;
+ }
}
/* skip mb handling */
}
}
}
- if(s->mb_y<<field_pic >= s->mb_height){
- fprintf(stderr, "slice too long\n");
- return -1;
- }
}
eos: // end of slice
*buf += get_bits_count(&s->gb)/8 - 1;
}
return FFMAX(0, buf_ptr - buf - s2->parse_context.last_index);
}
+
+ input_size = buf_end - buf_ptr;
+
+ if(avctx->debug & FF_DEBUG_STARTCODE){
+ printf("%3X at %d left %d\n", start_code, buf_ptr-buf, input_size);
+ }
/* prepare data for next start code */
- input_size = buf_end - buf_ptr;
switch(start_code) {
case SEQ_START_CODE:
mpeg1_decode_sequence(avctx, buf_ptr,
projects / platform / upstream / libav.git / commitdiff