From 8b031359589dbe4ad207f014325c3341b795b625 Mon Sep 17 00:00:00 2001
From: Loren Merritt <lorenm@u.washington.edu>
Date: Tue, 14 Feb 2006 05:40:53 +0000
Subject: [PATCH] fix some crashes on negative nalsize.

Originally committed as revision 5022 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/h264.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 4c2f0cb..a90f9fa 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -7507,6 +7507,15 @@ static int decode_nal_units(H264Context *h, uint8_t *buf, int buf_size){
         nalsize = 0;
         for(i = 0; i < h->nal_length_size; i++)
             nalsize = (nalsize << 8) | buf[buf_index++];
+        if(nalsize <= 1){
+            if(nalsize == 1){
+                buf_index++;
+                continue;
+            }else{
+                av_log(h->s.avctx, AV_LOG_ERROR, "AVC: nal size %d\n", nalsize);
+                break;
+            }
+        }
       } else {
         // start code prefix search
         for(; buf_index + 3 < buf_size; buf_index++){
-- 
2.7.4