h264: reset data_partitioning if decoding the slice header for NAL_DP…

…A fails If it was set before then we can end up trying to decode a slice without a valid slice header, which can lead to invalid memory access. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org
id3as · Jan 3, 2014 · 58312b2 · 58312b2
1 parent e89aa4b
commit 58312b2
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
@@ -4725,8 +4725,13 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size,
                 hx->intra_gb_ptr =
                 hx->inter_gb_ptr = NULL;
 
-                if ((err = decode_slice_header(hx, h)) < 0)
+                if ((err = decode_slice_header(hx, h)) < 0) {
+                    /* make sure data_partitioning is cleared if it was set
+                     * before, so we don't try decoding a slice without a valid
+                     * slice header later */
+                    h->data_partitioning = 0;
                     break;
+                }
 
                 hx->data_partitioning = 1;
                 break;