From 1cf9f2d497cf882a179cdfd677900c690cef58ee Mon Sep 17 00:00:00 2001
From: Wim Taymans <wim.taymans@collabora.co.uk>
Date: Mon, 22 Jun 2009 11:19:07 +0200
Subject: h264parse: detect and fix for bad NALU sizes

when in AVC mode a nalu size seems invalid, assume the NALU has the size of the
available data instead of looping forever.

Fixes #586354
---
 gst/h264parse/gsth264parse.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'gst')

diff --git a/gst/h264parse/gsth264parse.c b/gst/h264parse/gsth264parse.c
index bea4a600..ebc4360d 100644
--- a/gst/h264parse/gsth264parse.c
+++ b/gst/h264parse/gsth264parse.c
@@ -464,6 +464,16 @@ gst_h264_parse_chain_forward (GstH264Parse * h264parse, gboolean discont,
       for (i = 0; i < h264parse->nal_length_size; i++)
         nalu_size = (nalu_size << 8) | data[i];
 
+      GST_LOG_OBJECT (h264parse, "got NALU size %u", nalu_size);
+
+      /* check for invalid NALU sizes, assume the size if the available bytes
+       * when something is fishy */
+      if (nalu_size <= 1 || nalu_size + h264parse->nal_length_size > avail) {
+        nalu_size = avail - h264parse->nal_length_size;
+        GST_DEBUG_OBJECT (h264parse, "fixing invalid NALU size to %u",
+            nalu_size);
+      }
+
       /* Packetized format, see if we have to split it, usually splitting is not
        * a good idea as decoders have no way of handling it. */
       if (h264parse->split_packetized) {
-- 
cgit v1.2.1