From 99f1f07b78c7a73f1e1eea5678b88c2b9d5bac3a Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 27 Apr 2022 22:16:51 +0200
Subject: avcodec/h264dec: Skip late SEI

Fixes: Race condition
Fixes: clusterfuzz-testcase-minimized-mediasource_MP2T_AVC_pipeline_integration_fuzzer-6282675434094592

Found-by: google ClusterFuzz
Tested-by: Dan Sanders <sandersd@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f7dd408d64013ae177c1f8d0e04418e5075db5bc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/h264dec.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/h264dec.c b/libavcodec/h264dec.c
index 0e189da61a..dc259ceff2 100644
--- a/libavcodec/h264dec.c
+++ b/libavcodec/h264dec.c
@@ -699,6 +699,10 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size)
             avpriv_request_sample(avctx, "data partitioning");
             break;
         case H264_NAL_SEI:
+            if (h->setup_finished) {
+                avpriv_request_sample(avctx, "Late SEI");
+                break;
+            }
             ret = ff_h264_sei_decode(&h->sei, &nal->gb, &h->ps, avctx);
             h->has_recovery_point = h->has_recovery_point || h->sei.recovery_point.recovery_frame_cnt != -1;
             if (avctx->debug & FF_DEBUG_GREEN_MD)
-- 
cgit v1.2.1