diff options
author | Klaus Schmidinger <vdr@tvdr.de> | 2014-03-08 15:04:09 +0100 |
---|---|---|
committer | Klaus Schmidinger <vdr@tvdr.de> | 2014-03-08 15:04:09 +0100 |
commit | ad1352f109a5e20787baf99d31b1723ae200784e (patch) | |
tree | e2bfde55a394022eb930ce9f446ccae240c23e89 | |
parent | df03740741e0c6405354d6e4647332947128cdd2 (diff) | |
download | vdr-ad1352f109a5e20787baf99d31b1723ae200784e.tar.gz vdr-ad1352f109a5e20787baf99d31b1723ae200784e.tar.bz2 |
Fixed a possible endless loop in cH264Parser::GetGolombUe()
-rw-r--r-- | HISTORY | 4 | ||||
-rw-r--r-- | remux.c | 12 |
2 files changed, 10 insertions, 6 deletions
@@ -8203,7 +8203,7 @@ Video Disk Recorder Revision History - Fixed detecting broken video data streams when recording. - Fixed handling frame detection buffer length (reported by Eike Sauer). -2014-02-27: Version 2.1.6 +2014-03-08: Version 2.1.6 - Revoked "Fixed some compiler warnings with Clang 3.4.1" from ci.c, because this did not compile with older versions of gcc (thanks to Sören Moch). @@ -8211,3 +8211,5 @@ Video Disk Recorder Revision History deleted in a sub folder. - Fixed handling transfer mode on full featured DVB cards for encrypted channels that have no audio pid (reported by Christian Winkler). +- Fixed a possible endless loop in cH264Parser::GetGolombUe(), which caused recordings + on some HD channels to get stuck and resulted in buffer overflows. @@ -4,7 +4,7 @@ * See the main source file 'vdr.c' for copyright information and * how to reach the author. * - * $Id: remux.c 3.3 2014/02/21 11:51:55 kls Exp $ + * $Id: remux.c 3.4 2014/03/08 15:04:03 kls Exp $ */ #include "remux.h" @@ -272,7 +272,7 @@ uchar cTsPayload::GetByte(void) if (data[index] == TS_SYNC_BYTE && index + TS_SIZE <= length) { // to make sure we are at a TS header start and drop incomplete TS packets at the end uchar *p = data + index; if (TsPid(p) == pid) { // only handle TS packets for the initial PID - if (numPacketsPid++ > MAX_TS_PACKETS_FOR_VIDEO_FRAME_DETECTION) + if (++numPacketsPid > MAX_TS_PACKETS_FOR_VIDEO_FRAME_DETECTION) return SetEof(); if (TsHasPayload(p)) { if (index > 0 && TsPayloadStart(p)) // checking index to not skip the very first TS packet @@ -1252,7 +1252,7 @@ uint32_t cH264Parser::GetBits(int Bits) uint32_t cH264Parser::GetGolombUe(void) { int z = -1; - for (int b = 0; !b; z++) + for (int b = 0; !b && z < 32; z++) // limiting z to no get stuck if GetBit() always returns 0 b = GetBit(); return (1 << z) - 1 + GetBits(z); } @@ -1288,8 +1288,10 @@ int cH264Parser::Parse(const uchar *Data, int Length, int Pid) case nutAccessUnitDelimiter: ParseAccessUnitDelimiter(); gotAccessUnitDelimiter = true; break; - case nutSequenceParameterSet: ParseSequenceParameterSet(); - gotSequenceParameterSet = true; + case nutSequenceParameterSet: if (gotAccessUnitDelimiter) { + ParseSequenceParameterSet(); + gotSequenceParameterSet = true; + } break; case nutCodedSliceNonIdr: case nutCodedSliceIdr: if (gotAccessUnitDelimiter && gotSequenceParameterSet) { |