summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKlaus Schmidinger <vdr@tvdr.de>2014-03-08 15:04:09 +0100
committerKlaus Schmidinger <vdr@tvdr.de>2014-03-08 15:04:09 +0100
commitad1352f109a5e20787baf99d31b1723ae200784e (patch)
treee2bfde55a394022eb930ce9f446ccae240c23e89
parentdf03740741e0c6405354d6e4647332947128cdd2 (diff)
downloadvdr-ad1352f109a5e20787baf99d31b1723ae200784e.tar.gz
vdr-ad1352f109a5e20787baf99d31b1723ae200784e.tar.bz2
Fixed a possible endless loop in cH264Parser::GetGolombUe()
-rw-r--r--HISTORY4
-rw-r--r--remux.c12
2 files changed, 10 insertions, 6 deletions
diff --git a/HISTORY b/HISTORY
index 6325bd14..bd23bbd4 100644
--- a/HISTORY
+++ b/HISTORY
@@ -8203,7 +8203,7 @@ Video Disk Recorder Revision History
- Fixed detecting broken video data streams when recording.
- Fixed handling frame detection buffer length (reported by Eike Sauer).
-2014-02-27: Version 2.1.6
+2014-03-08: Version 2.1.6
- Revoked "Fixed some compiler warnings with Clang 3.4.1" from ci.c, because this
did not compile with older versions of gcc (thanks to Sören Moch).
@@ -8211,3 +8211,5 @@ Video Disk Recorder Revision History
deleted in a sub folder.
- Fixed handling transfer mode on full featured DVB cards for encrypted channels
that have no audio pid (reported by Christian Winkler).
+- Fixed a possible endless loop in cH264Parser::GetGolombUe(), which caused recordings
+ on some HD channels to get stuck and resulted in buffer overflows.
diff --git a/remux.c b/remux.c
index 44eec8ce..fad4f810 100644
--- a/remux.c
+++ b/remux.c
@@ -4,7 +4,7 @@
* See the main source file 'vdr.c' for copyright information and
* how to reach the author.
*
- * $Id: remux.c 3.3 2014/02/21 11:51:55 kls Exp $
+ * $Id: remux.c 3.4 2014/03/08 15:04:03 kls Exp $
*/
#include "remux.h"
@@ -272,7 +272,7 @@ uchar cTsPayload::GetByte(void)
if (data[index] == TS_SYNC_BYTE && index + TS_SIZE <= length) { // to make sure we are at a TS header start and drop incomplete TS packets at the end
uchar *p = data + index;
if (TsPid(p) == pid) { // only handle TS packets for the initial PID
- if (numPacketsPid++ > MAX_TS_PACKETS_FOR_VIDEO_FRAME_DETECTION)
+ if (++numPacketsPid > MAX_TS_PACKETS_FOR_VIDEO_FRAME_DETECTION)
return SetEof();
if (TsHasPayload(p)) {
if (index > 0 && TsPayloadStart(p)) // checking index to not skip the very first TS packet
@@ -1252,7 +1252,7 @@ uint32_t cH264Parser::GetBits(int Bits)
uint32_t cH264Parser::GetGolombUe(void)
{
int z = -1;
- for (int b = 0; !b; z++)
+ for (int b = 0; !b && z < 32; z++) // limiting z to no get stuck if GetBit() always returns 0
b = GetBit();
return (1 << z) - 1 + GetBits(z);
}
@@ -1288,8 +1288,10 @@ int cH264Parser::Parse(const uchar *Data, int Length, int Pid)
case nutAccessUnitDelimiter: ParseAccessUnitDelimiter();
gotAccessUnitDelimiter = true;
break;
- case nutSequenceParameterSet: ParseSequenceParameterSet();
- gotSequenceParameterSet = true;
+ case nutSequenceParameterSet: if (gotAccessUnitDelimiter) {
+ ParseSequenceParameterSet();
+ gotSequenceParameterSet = true;
+ }
break;
case nutCodedSliceNonIdr:
case nutCodedSliceIdr: if (gotAccessUnitDelimiter && gotSequenceParameterSet) {