overread fix
Originally committed as revision 3294 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent
240ae82c51
commit
bba8334965
@ -93,6 +93,7 @@ void ff_init_cabac_encoder(CABACContext *c, uint8_t *buf, int buf_size){
|
|||||||
void ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size){
|
void ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size){
|
||||||
c->bytestream_start=
|
c->bytestream_start=
|
||||||
c->bytestream= buf;
|
c->bytestream= buf;
|
||||||
|
c->bytestream_end= buf + buf_size;
|
||||||
|
|
||||||
c->low= *c->bytestream++;
|
c->low= *c->bytestream++;
|
||||||
c->low= (c->low<<9) + ((*c->bytestream++)<<1);
|
c->low= (c->low<<9) + ((*c->bytestream++)<<1);
|
||||||
|
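Review bot: The two initial loads in ff_init_cabac_decoder, `c->low= *c->bytestream++;` and `(*c->bytestream++)<<1`, are not compared against the newly stored `bytestream_end`, so a call with `buf_size` below 2 still reads past the buffer before any guarded reader runs. `buf_size` is a signed int computed by the caller from bit counts, so a zero or negative value cannot be ruled out from what is shown here. The loads could use the same guarded form the commit adds to the readers, e.g. `if(c->bytestream < c->bytestream_end) c->low= *c->bytestream;` followed by `c->bytestream++;`, with `c->low` set to 0 first. The rest of the function body lies outside the hunk.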
@ -39,6 +39,7 @@ typedef struct CABACContext{
|
|||||||
uint8_t mps_state[2*64]; ///< transIdxMPS
|
uint8_t mps_state[2*64]; ///< transIdxMPS
|
||||||
const uint8_t *bytestream_start;
|
const uint8_t *bytestream_start;
|
||||||
const uint8_t *bytestream;
|
const uint8_t *bytestream;
|
||||||
|
const uint8_t *bytestream_end;
|
||||||
int bits_left; ///<
|
int bits_left; ///<
|
||||||
PutBitContext pb;
|
PutBitContext pb;
|
||||||
}CABACContext;
|
}CABACContext;
|
||||||
@ -253,7 +254,9 @@ static inline void renorm_cabac_decoder(CABACContext *c){
|
|||||||
c->range+= c->range;
|
c->range+= c->range;
|
||||||
c->low+= c->low;
|
c->low+= c->low;
|
||||||
if(--c->bits_left == 0){
|
if(--c->bits_left == 0){
|
||||||
c->low+= *c->bytestream++;
|
if(c->bytestream < c->bytestream_end)
|
||||||
|
c->low+= *c->bytestream;
|
||||||
|
c->bytestream++;
|
||||||
c->bits_left= 8;
|
c->bits_left= 8;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -298,7 +301,9 @@ static inline int get_cabac_bypass(CABACContext *c){
|
|||||||
c->low += c->low;
|
c->low += c->low;
|
||||||
|
|
||||||
if(--c->bits_left == 0){
|
if(--c->bits_left == 0){
|
||||||
c->low+= *c->bytestream++;
|
if(c->bytestream < c->bytestream_end)
|
||||||
|
c->low+= *c->bytestream;
|
||||||
|
c->bytestream++;
|
||||||
c->bits_left= 8;
|
c->bits_left= 8;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
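Review bot: In renorm_cabac_decoder the new `if(c->bytestream < c->bytestream_end)` guards only the load, while `c->bytestream++` on the next line runs unconditionally and without braces, which reads like an indentation slip; get_cabac_bypass repeats the same pattern. If the unguarded increment is deliberate, so that the check added in decode_slice can see how far the reader ran past the input, brace the `if` and say so, e.g. `/* keep advancing past the end; decode_slice() detects truncated input from the overrun */`. On truncated input the pointer then moves more than one element past the buffer, which C leaves undefined for pointer arithmetic and comparison; an overrun flag or counter in CABACContext would give the same signal without relying on that. Both functions start outside their hunks.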
@ -5117,7 +5117,7 @@ static int decode_slice(H264Context *h){
|
|||||||
ff_init_cabac_states( &h->cabac, ff_h264_lps_range, ff_h264_mps_state, ff_h264_lps_state, 64 );
|
ff_init_cabac_states( &h->cabac, ff_h264_lps_range, ff_h264_mps_state, ff_h264_lps_state, 64 );
|
||||||
ff_init_cabac_decoder( &h->cabac,
|
ff_init_cabac_decoder( &h->cabac,
|
||||||
s->gb.buffer + get_bits_count(&s->gb)/8,
|
s->gb.buffer + get_bits_count(&s->gb)/8,
|
||||||
( s->gb.size_in_bits - get_bits_count(&s->gb) ) );
|
( s->gb.size_in_bits - get_bits_count(&s->gb) + 7)/8);
|
||||||
/* calculate pre-state */
|
/* calculate pre-state */
|
||||||
for( i= 0; i < 399; i++ ) {
|
for( i= 0; i < 399; i++ ) {
|
||||||
int pre;
|
int pre;
|
||||||
@ -5149,7 +5149,7 @@ static int decode_slice(H264Context *h){
|
|||||||
s->mb_y--;
|
s->mb_y--;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ret < 0 ) {
|
if( ret < 0 || h->cabac.bytestream > h->cabac.bytestream_end + 1) {
|
||||||
av_log(h->s.avctx, AV_LOG_ERROR, "error while decoding MB %d %d\n", s->mb_x, s->mb_y);
|
av_log(h->s.avctx, AV_LOG_ERROR, "error while decoding MB %d %d\n", s->mb_x, s->mb_y);
|
||||||
ff_er_add_slice(s, s->resync_mb_x, s->resync_mb_y, s->mb_x, s->mb_y, (AC_ERROR|DC_ERROR|MV_ERROR)&part_mask);
|
ff_er_add_slice(s, s->resync_mb_x, s->resync_mb_y, s->mb_x, s->mb_y, (AC_ERROR|DC_ERROR|MV_ERROR)&part_mask);
|
||||||
return -1;
|
return -1;
|
||||||
|
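Review bot: The added condition `h->cabac.bytestream > h->cabac.bytestream_end + 1` in decode_slice tolerates a read pointer at `bytestream_end + 1` before treating the slice as damaged, and nothing on the line explains that one-byte slack. A comment stating the reason would help, for instance `/* the reader may step one byte past the end while finishing the last MB; beyond that the input is truncated */`, if that is indeed the reason. Separately, the size now passed to ff_init_cabac_decoder, `( s->gb.size_in_bits - get_bits_count(&s->gb) + 7)/8`, becomes zero or negative when the bit reader has already consumed more than `size_in_bits`; whether that is excluded before the call is not visible here. decode_slice continues outside both hunks.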