summaryrefslogtreecommitdiff
path: root/libavcodec/h264_cabac.c
diff options
context:
space:
mode:
authorRonald S. Bultje <rsbultje@gmail.com>2012-02-09 22:57:01 -0800
committerRonald S. Bultje <rsbultje@gmail.com>2012-02-09 22:57:01 -0800
commit45b7bd7c53b41bc5ff6fc2158831f2b1b1256113 (patch)
tree51923d7569c3c823380fcca869fa8361055dcc3e /libavcodec/h264_cabac.c
parent81749f30cd84b35f774d7d1bbe6bf3f96e2362c8 (diff)
downloadffmpeg-45b7bd7c53b41bc5ff6fc2158831f2b1b1256113.tar.gz
h264: disallow constrained intra prediction modes for luma.
Conversion of the luma intra prediction mode to one of the constrained ("alzheimer") ones can happen by crafting special bitstreams, causing a crash because we'll call a NULL function pointer for 16x16 block intra prediction, since constrained intra prediction functions are only implemented for chroma (8x8 blocks). Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
Diffstat (limited to 'libavcodec/h264_cabac.c')
-rw-r--r--libavcodec/h264_cabac.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c
index a49ac6d498..75fb02cb63 100644
--- a/libavcodec/h264_cabac.c
+++ b/libavcodec/h264_cabac.c
@@ -2040,14 +2040,14 @@ decode_intra_mb:
write_back_intra_pred_mode(h);
if( ff_h264_check_intra4x4_pred_mode(h) < 0 ) return -1;
} else {
- h->intra16x16_pred_mode= ff_h264_check_intra_pred_mode( h, h->intra16x16_pred_mode );
+ h->intra16x16_pred_mode= ff_h264_check_intra_pred_mode( h, h->intra16x16_pred_mode, 0 );
if( h->intra16x16_pred_mode < 0 ) return -1;
}
if(decode_chroma){
h->chroma_pred_mode_table[mb_xy] =
pred_mode = decode_cabac_mb_chroma_pre_mode( h );
- pred_mode= ff_h264_check_intra_pred_mode( h, pred_mode );
+ pred_mode= ff_h264_check_intra_pred_mode( h, pred_mode, 1 );
if( pred_mode < 0 ) return -1;
h->chroma_pred_mode= pred_mode;
} else {