prevent going out of the buffer if the nal size does not fit in the buffer.

Patch by Mean % fixounet A free P fr %
Original thread:
Date: Apr 29, 2007 2:00 PM
Subject: Re: [Ffmpeg-devel] [patch] h264.c, dont go beyond buffer in h264_decode_nal_unit

Originally committed as revision 8858 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index b5bd0a8..40dbb96 100644 (file)
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -8122,7 +8122,7 @@ static int decode_nal_units(H264Context *h, uint8_t *buf, int buf_size){
         nalsize = 0;
         for(i = 0; i < h->nal_length_size; i++)
             nalsize = (nalsize << 8) | buf[buf_index++];
-        if(nalsize <= 1 || nalsize > buf_size){
+        if(nalsize <= 1 || (nalsize+buf_index > buf_size)){
             if(nalsize == 1){
                 buf_index++;
                 continue;