
Side by Side Diff: chromium/patches/to_upstream/55_h264_nal.patch

Issue 9373002: Fix valgrind and asan memory leaks and crashes. (Closed) Base URL: ssh://gerrit.chromium.org:29418/chromium/third_party/ffmpeg.git@master
Patch Set: Make vp3 fix an ignore. Created 8 years, 10 months ago
OLDNEW
1 diff -wurp -N orig/libavcodec/h264.c ffmpeg/libavcodec/h264.c 1 diff --git a/libavcodec/h264.c b/libavcodec/h264.c
2 --- orig/libavcodec/h264.c» 2012-02-06 14:02:09.990431439 -0800 2 index 7a16bda..2fea444 100644
3 +++ ffmpeg/libavcodec/h264.c» 2012-02-06 14:06:11.752827405 -0800 3 --- a/libavcodec/h264.c
4 @@ -988,12 +988,13 @@ int ff_h264_decode_extradata(H264Context 4 +++ b/libavcodec/h264.c
5 AVCodecContext *avctx = h->s.avctx; 5 @@ -1097,6 +1095,8 @@ int ff_h264_decode_extradata(H264Context *h, const uint8_t *buf, int size)
6
7 if(avctx->extradata[0] == 1){
8 - int i, cnt, nalsize;
9 + int i, cnt, nalsize, size_left;
10 unsigned char *p = avctx->extradata;
11 + size_left = avctx->extradata_size;
12
13 h->is_avc = 1;
14
15 - if(avctx->extradata_size < 7) {
16 + if(size_left < 7) {
17 av_log(avctx, AV_LOG_ERROR, "avcC too short\n");
18 return -1;
19 }
20 @@ -1003,23 +1004,47 @@ int ff_h264_decode_extradata(H264Context
21 // Decode sps from avcC
22 cnt = *(p+5) & 0x1f; // Number of sps 6 cnt = *(p+5) & 0x1f; // Number of sps
23 p += 6; 7 p += 6;
24 + size_left -= 6;
25 for (i = 0; i < cnt; i++) { 8 for (i = 0; i < cnt; i++) {
26 + if (size_left < 2) { 9 + if(size - (p-buf) < 2)
27 + av_log(avctx, AV_LOG_ERROR, "Cannot read sps nalsize\n");
28 + return -1; 10 + return -1;
29 + }
30 nalsize = AV_RB16(p) + 2; 11 nalsize = AV_RB16(p) + 2;
31 + if (size_left < nalsize) { 12 if(nalsize > size - (p-buf))
32 + av_log(avctx, AV_LOG_ERROR, "sps nalsize too big\n");
33 + return -1;
34 + }
35 if(decode_nal_units(h, p, nalsize) < 0) {
36 av_log(avctx, AV_LOG_ERROR, "Decoding sps %d from avcC failed\n ", i);
37 return -1; 13 return -1;
14 @@ -1106,9 +1106,13 @@ int ff_h264_decode_extradata(H264Context *h, const uint8_ t *buf, int size)
38 } 15 }
39 p += nalsize; 16 p += nalsize;
40 + size_left -= nalsize;
41 } 17 }
18 + if(size - (p-buf) <= 0)
19 + return -1;
42 // Decode pps from avcC 20 // Decode pps from avcC
43 + if(!size_left) {
44 + av_log(avctx, AV_LOG_ERROR, "Cannot read pps count\n");
45 + return -1;
46 + }
47 cnt = *(p++); // Number of pps 21 cnt = *(p++); // Number of pps
48 + --size_left;
49 for (i = 0; i < cnt; i++) { 22 for (i = 0; i < cnt; i++) {
50 + if (size_left < 2) { 23 + if(size - (p-buf) < 2)
51 + av_log(avctx, AV_LOG_ERROR, "Cannot read pps nalsize\n");
52 + return -1; 24 + return -1;
53 + }
54 nalsize = AV_RB16(p) + 2; 25 nalsize = AV_RB16(p) + 2;
55 + if (size_left < nalsize) { 26 if(nalsize > size - (p-buf))
56 + av_log(avctx, AV_LOG_ERROR, "pps nalsize too big\n");
57 + return -1;
58 + }
59 if (decode_nal_units(h, p, nalsize) < 0) {
60 av_log(avctx, AV_LOG_ERROR, "Decoding pps %d from avcC failed\n ", i);
61 return -1; 27 return -1;
62 }
63 p += nalsize;
64 + size_left -= nalsize;
65 }
66 // Now store right nal length size, that will be use to parse all other nals
67 h->nal_length_size = (avctx->extradata[4] & 0x03) + 1;
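Review bot: The guards added on the new side (`if(size - (p-buf) < 2) return -1;` in both the sps and pps loops, and `if(size - (p-buf) <= 0) return -1;` before the pps count is read) reject a truncated avcC without logging anything, whereas the previous revision of this patch reported distinct messages such as "Cannot read sps nalsize". Extradata comes from the container and is untrusted, so a silent -1 makes a malformed-input report hard to tell apart from the other failure paths; consider keeping a message, e.g. `av_log(h->s.avctx, AV_LOG_ERROR, "avcC truncated before sps nalsize\n");`, assuming the codec context is still reachable that way in the rebased function. The new hunks begin at `cnt = *(p+5) & 0x1f;`, so the length check that makes that read safe lies outside what is shown here, and it is worth confirming that it tests `size` rather than `avctx->extradata_size`. A one-line comment above the first guard, `/* size - (p-buf) = bytes of buf not yet consumed */`, would document the invariant these checks rely on, provided `p` is indeed initialised from `buf` earlier in the function.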
