h264: Lower bound check for slice offsets
And use the value from the specification. Sample-Id: 00000451-google Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This commit is contained in:
parent
5c79d2e12d
commit
f777504f64
@ -3840,8 +3840,8 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
|
||||
get_se_golomb(&h->gb); /* slice_qs_delta */
|
||||
|
||||
h->deblocking_filter = 1;
|
||||
h->slice_alpha_c0_offset = 52;
|
||||
h->slice_beta_offset = 52;
|
||||
h->slice_alpha_c0_offset = 0;
|
||||
h->slice_beta_offset = 0;
|
||||
if (h->pps.deblocking_filter_parameters_present) {
|
||||
tmp = get_ue_golomb_31(&h->gb);
|
||||
if (tmp > 2) {
|
||||
@ -3854,10 +3854,12 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
|
||||
h->deblocking_filter ^= 1; // 1<->0
|
||||
|
||||
if (h->deblocking_filter) {
|
||||
h->slice_alpha_c0_offset += get_se_golomb(&h->gb) << 1;
|
||||
h->slice_beta_offset += get_se_golomb(&h->gb) << 1;
|
||||
if (h->slice_alpha_c0_offset > 104U ||
|
||||
h->slice_beta_offset > 104U) {
|
||||
h->slice_alpha_c0_offset = get_se_golomb(&h->gb) * 2;
|
||||
h->slice_beta_offset = get_se_golomb(&h->gb) * 2;
|
||||
if (h->slice_alpha_c0_offset > 12 ||
|
||||
h->slice_alpha_c0_offset < -12 ||
|
||||
h->slice_beta_offset > 12 ||
|
||||
h->slice_beta_offset < -12) {
|
||||
av_log(h->avctx, AV_LOG_ERROR,
|
||||
"deblocking filter parameters %d %d out of range\n",
|
||||
h->slice_alpha_c0_offset, h->slice_beta_offset);
|
||||
@ -3894,7 +3896,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
|
||||
}
|
||||
}
|
||||
}
|
||||
h->qp_thresh = 15 + 52 -
|
||||
h->qp_thresh = 15 +
|
||||
FFMIN(h->slice_alpha_c0_offset, h->slice_beta_offset) -
|
||||
FFMAX3(0,
|
||||
h->pps.chroma_qp_index_offset[0],
|
||||
@ -3956,7 +3958,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
|
||||
h->ref_count[0], h->ref_count[1],
|
||||
h->qscale,
|
||||
h->deblocking_filter,
|
||||
h->slice_alpha_c0_offset / 2 - 26, h->slice_beta_offset / 2 - 26,
|
||||
h->slice_alpha_c0_offset, h->slice_beta_offset,
|
||||
h->use_weight,
|
||||
h->use_weight == 1 && h->use_weight_chroma ? "c" : "",
|
||||
h->slice_type == AV_PICTURE_TYPE_B ? (h->direct_spatial_mv_pred ? "SPAT" : "TEMP") : "");
|
||||
|
@ -252,8 +252,8 @@ static av_always_inline void h264_filter_mb_fast_internal(H264Context *h,
|
||||
int top_type= h->top_type;
|
||||
|
||||
int qp_bd_offset = 6 * (h->sps.bit_depth_luma - 8);
|
||||
int a = h->slice_alpha_c0_offset - qp_bd_offset;
|
||||
int b = h->slice_beta_offset - qp_bd_offset;
|
||||
int a = 52 + h->slice_alpha_c0_offset - qp_bd_offset;
|
||||
int b = 52 + h->slice_beta_offset - qp_bd_offset;
|
||||
|
||||
int mb_type = h->cur_pic.mb_type[mb_xy];
|
||||
int qp = h->cur_pic.qscale_table[mb_xy];
|
||||
@ -707,8 +707,8 @@ void ff_h264_filter_mb( H264Context *h, int mb_x, int mb_y, uint8_t *img_y, uint
|
||||
av_unused int dir;
|
||||
int chroma = !(CONFIG_GRAY && (h->flags&CODEC_FLAG_GRAY));
|
||||
int qp_bd_offset = 6 * (h->sps.bit_depth_luma - 8);
|
||||
int a = h->slice_alpha_c0_offset - qp_bd_offset;
|
||||
int b = h->slice_beta_offset - qp_bd_offset;
|
||||
int a = 52 + h->slice_alpha_c0_offset - qp_bd_offset;
|
||||
int b = 52 + h->slice_beta_offset - qp_bd_offset;
|
||||
|
||||
if (FRAME_MBAFF(h)
|
||||
// and current and left pair do not have the same interlaced type
|
||||
|
Loading…
Reference in New Issue
Block a user