Fixed a possible endless loop in cH264Parser::GetGolombUe()

Klaus Schmidinger 2014-03-08 15:04:09 +01:00
parent df03740741
commit ad1352f109
2 changed files with 10 additions and 6 deletions


@ -8203,7 +8203,7 @@ Video Disk Recorder Revision History
- Fixed detecting broken video data streams when recording. - Fixed detecting broken video data streams when recording.
- Fixed handling frame detection buffer length (reported by Eike Sauer). - Fixed handling frame detection buffer length (reported by Eike Sauer).
2014-02-27: Version 2.1.6 2014-03-08: Version 2.1.6
- Revoked "Fixed some compiler warnings with Clang 3.4.1" from ci.c, because this - Revoked "Fixed some compiler warnings with Clang 3.4.1" from ci.c, because this
did not compile with older versions of gcc (thanks to Sören Moch). did not compile with older versions of gcc (thanks to Sören Moch).
@ -8211,3 +8211,5 @@ Video Disk Recorder Revision History
deleted in a sub folder. deleted in a sub folder.
- Fixed handling transfer mode on full featured DVB cards for encrypted channels - Fixed handling transfer mode on full featured DVB cards for encrypted channels
that have no audio pid (reported by Christian Winkler). that have no audio pid (reported by Christian Winkler).
- Fixed a possible endless loop in cH264Parser::GetGolombUe(), which caused recordings
on some HD channels to get stuck and resulted in buffer overflows.

12
remux.c

@ -4,7 +4,7 @@
* See the main source file 'vdr.c' for copyright information and * See the main source file 'vdr.c' for copyright information and
* how to reach the author. * how to reach the author.
* *
* $Id: remux.c 3.3 2014/02/21 11:51:55 kls Exp $ * $Id: remux.c 3.4 2014/03/08 15:04:03 kls Exp $
*/ */
#include "remux.h" #include "remux.h"
@ -272,7 +272,7 @@ uchar cTsPayload::GetByte(void)
if (data[index] == TS_SYNC_BYTE && index + TS_SIZE <= length) { // to make sure we are at a TS header start and drop incomplete TS packets at the end if (data[index] == TS_SYNC_BYTE && index + TS_SIZE <= length) { // to make sure we are at a TS header start and drop incomplete TS packets at the end
uchar *p = data + index; uchar *p = data + index;
if (TsPid(p) == pid) { // only handle TS packets for the initial PID if (TsPid(p) == pid) { // only handle TS packets for the initial PID
if (numPacketsPid++ > MAX_TS_PACKETS_FOR_VIDEO_FRAME_DETECTION) if (++numPacketsPid > MAX_TS_PACKETS_FOR_VIDEO_FRAME_DETECTION)
return SetEof(); return SetEof();
if (TsHasPayload(p)) { if (TsHasPayload(p)) {
if (index > 0 && TsPayloadStart(p)) // checking index to not skip the very first TS packet if (index > 0 && TsPayloadStart(p)) // checking index to not skip the very first TS packet
@ -1252,7 +1252,7 @@ uint32_t cH264Parser::GetBits(int Bits)
uint32_t cH264Parser::GetGolombUe(void) uint32_t cH264Parser::GetGolombUe(void)
{ {
int z = -1; int z = -1;
for (int b = 0; !b; z++) for (int b = 0; !b && z < 32; z++) // limiting z to no get stuck if GetBit() always returns 0
b = GetBit(); b = GetBit();
return (1 << z) - 1 + GetBits(z); return (1 << z) - 1 + GetBits(z);
} }
@ -1288,8 +1288,10 @@ int cH264Parser::Parse(const uchar *Data, int Length, int Pid)
case nutAccessUnitDelimiter: ParseAccessUnitDelimiter(); case nutAccessUnitDelimiter: ParseAccessUnitDelimiter();
gotAccessUnitDelimiter = true; gotAccessUnitDelimiter = true;
break; break;
case nutSequenceParameterSet: ParseSequenceParameterSet(); case nutSequenceParameterSet: if (gotAccessUnitDelimiter) {
gotSequenceParameterSet = true; ParseSequenceParameterSet();
gotSequenceParameterSet = true;
}
break; break;
case nutCodedSliceNonIdr: case nutCodedSliceNonIdr:
case nutCodedSliceIdr: if (gotAccessUnitDelimiter && gotSequenceParameterSet) { case nutCodedSliceIdr: if (gotAccessUnitDelimiter && gotSequenceParameterSet) {
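Review bot: In cH264Parser::GetGolombUe() the new bound `z < 32` still lets the loop exit with z == 32 when GetBit() keeps returning 0, so `1 << z` on the return line shifts a 32-bit int by its full width, which is undefined behaviour; z == 31 already overflows the signed literal `1`. An exp-Golomb code whose value fits in uint32_t has at most 31 leading zero bits, so the loop could be bounded as `for (int b = 0; !b && z < 31; z++)` and the result computed unsigned with `return (uint32_t(1) << z) - 1 + GetBits(z);`. GetBits() is not part of this hunk, so it should be checked separately that it handles a request for 31 bits correctly. Because the bitstream comes from received broadcast data, a run of zero bits that hits the limit is better treated as a parse error than turned into a large value that callers may use as a count or size.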