h264: check mb_width/height

Fixes inconsistency that leads to out of array accesses with threads Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

h264: check mb_width/height
Fixes inconsistency that leads to out of array accesses with threads Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5a9e3760 · Michael Niedermayer · edabbfba · 5a9e3760
Commit 5a9e3760 authored May 05, 2013 by Michael Niedermayer
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

h264.c libavcodec/h264.c +4 -1

No files found.
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -3310,7 +3310,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
                     || 16*h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) != h->avctx->coded_height
                     || h->avctx->bits_per_raw_sample != h->sps.bit_depth_luma
                     || h->cur_chroma_format_idc != h->sps.chroma_format_idc
-                     || av_cmp_q(h->sps.sar, h->avctx->sample_aspect_ratio)));
+                     || av_cmp_q(h->sps.sar, h->avctx->sample_aspect_ratio)
+                     || h->mb_width  != h->sps.mb_width
+                     || h->mb_height != h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag)
+                    ));
    if (h0->avctx->pix_fmt != get_pixel_format(h0, 0))
        must_reinit = 1;