generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

h264: More correct ref_count check in decode_slice_header()

Browse Source 
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dc9ce40069)
This commit is contained in:
Michael Niedermayer
2011-09-28 22:22:56 +02:00
parent 9960710b87
commit be9183de2e
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/h264.c
View File

@@ -2872,6 +2872,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
h->ref_count[1]= h->pps.ref_count[1];
if(h->slice_type_nos != AV_PICTURE_TYPE_I){
unsigned max= (16<<(s->picture_structure != PICT_FRAME))-1;
if(h->slice_type_nos == AV_PICTURE_TYPE_B){
h->direct_spatial_mv_pred= get_bits1(&s->gb);
}
@@ -2882,12 +2883,12 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
if(h->slice_type_nos==AV_PICTURE_TYPE_B)
h->ref_count[1]= get_ue_golomb(&s->gb) + 1;
if(h->ref_count[0]-1 > 32-1 || h->ref_count[1]-1 > 32-1){
}
if(h->ref_count[0]-1 > max || h->ref_count[1]-1 > max){
av_log(h->s.avctx, AV_LOG_ERROR, "reference overflow\n");
h->ref_count[0]= h->ref_count[1]= 1;
return -1;
}
}
if(h->slice_type_nos == AV_PICTURE_TYPE_B)
h->list_count= 2;
else