From 1a04694d97fb4a0d5edf0ddff167a5e4b9184469 Mon Sep 17 00:00:00 2001 From: Licai Guo Date: Thu, 16 Jan 2014 22:13:03 -0800 Subject: [PATCH 1/2] fix crash caused by empty packets and add more checks --- codec/decoder/core/src/au_parser.cpp | 3 ++- codec/decoder/core/src/decode_slice.cpp | 2 +- codec/decoder/core/src/decoder.cpp | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/codec/decoder/core/src/au_parser.cpp b/codec/decoder/core/src/au_parser.cpp index f851e535..fdbff04f 100644 --- a/codec/decoder/core/src/au_parser.cpp +++ b/codec/decoder/core/src/au_parser.cpp @@ -479,7 +479,8 @@ int32_t ParseNonVclNal (PWelsDecoderContext pCtx, uint8_t* pRbsp, const int32_t int32_t iPicHeight = 0; int32_t iBitSize = 0; int32_t iErr = ERR_NONE; - + if (kiSrcLen <= 0) + return iErr; pBs = &pCtx->sBs; // SBitStringAux instance for non VCL NALs decoding iBitSize = (kiSrcLen << 3) - BsGetTrailingBits (pRbsp + kiSrcLen - 1); // convert into bit eNalType = pCtx->sCurNalHead.eNalUnitType; diff --git a/codec/decoder/core/src/decode_slice.cpp b/codec/decoder/core/src/decode_slice.cpp index a597d39f..4c99efe9 100644 --- a/codec/decoder/core/src/decode_slice.cpp +++ b/codec/decoder/core/src/decode_slice.cpp @@ -403,7 +403,7 @@ int32_t WelsDecodeSlice (PWelsDecoderContext pCtx, bool_t bFirstSliceInLayer, PN iNextMbXyIndex = pSliceHeader->iFirstMbInSlice; - if (iNextMbXyIndex >= kiCountNumMb) { + if (iNextMbXyIndex < 0 || iNextMbXyIndex >= kiCountNumMb) { WelsLog (pCtx, WELS_LOG_ERROR, "WelsDecodeSlice()::iFirstMbInSlice(%d) > pSps->kiTotalMb(%d). ERROR!!! resolution change....\n", iNextMbXyIndex, kiCountNumMb); diff --git a/codec/decoder/core/src/decoder.cpp b/codec/decoder/core/src/decoder.cpp index a808bcab..d09227fc 100644 --- a/codec/decoder/core/src/decoder.cpp +++ b/codec/decoder/core/src/decoder.cpp @@ -690,7 +690,7 @@ int32_t SyncPictureResolutionExt (PWelsDecoderContext pCtx, const int32_t kiMbWi */ void_t UpdateMaxPictureResolution (PWelsDecoderContext pCtx, const int32_t kiCurWidth, const int32_t kiCurHeight) { //any dimension larger than that of current dimension, should modify the max-dimension - if (kiCurWidth > pCtx->iMaxWidthInSps || kiCurHeight > pCtx->iMaxHeightInSps) { + if (kiCurWidth * kiCurHeight > pCtx->iMaxWidthInSps * pCtx->iMaxHeightInSps) { pCtx->iMaxWidthInSps = kiCurWidth; pCtx->iMaxHeightInSps = kiCurHeight; } From 56767f8154f3e1d4d44a5a4426357138d828db23 Mon Sep 17 00:00:00 2001 From: Licai Guo Date: Tue, 21 Jan 2014 00:23:41 -0800 Subject: [PATCH 2/2] add parenthses --- codec/decoder/core/src/decode_slice.cpp | 2 +- codec/decoder/core/src/decoder.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/codec/decoder/core/src/decode_slice.cpp b/codec/decoder/core/src/decode_slice.cpp index 4c99efe9..c56fb928 100644 --- a/codec/decoder/core/src/decode_slice.cpp +++ b/codec/decoder/core/src/decode_slice.cpp @@ -403,7 +403,7 @@ int32_t WelsDecodeSlice (PWelsDecoderContext pCtx, bool_t bFirstSliceInLayer, PN iNextMbXyIndex = pSliceHeader->iFirstMbInSlice; - if (iNextMbXyIndex < 0 || iNextMbXyIndex >= kiCountNumMb) { + if ((iNextMbXyIndex < 0) || (iNextMbXyIndex >= kiCountNumMb)) { WelsLog (pCtx, WELS_LOG_ERROR, "WelsDecodeSlice()::iFirstMbInSlice(%d) > pSps->kiTotalMb(%d). ERROR!!! resolution change....\n", iNextMbXyIndex, kiCountNumMb); diff --git a/codec/decoder/core/src/decoder.cpp b/codec/decoder/core/src/decoder.cpp index d09227fc..f87c287a 100644 --- a/codec/decoder/core/src/decoder.cpp +++ b/codec/decoder/core/src/decoder.cpp @@ -690,7 +690,7 @@ int32_t SyncPictureResolutionExt (PWelsDecoderContext pCtx, const int32_t kiMbWi */ void_t UpdateMaxPictureResolution (PWelsDecoderContext pCtx, const int32_t kiCurWidth, const int32_t kiCurHeight) { //any dimension larger than that of current dimension, should modify the max-dimension - if (kiCurWidth * kiCurHeight > pCtx->iMaxWidthInSps * pCtx->iMaxHeightInSps) { + if ((kiCurWidth * kiCurHeight) > (pCtx->iMaxWidthInSps * pCtx->iMaxHeightInSps)) { pCtx->iMaxWidthInSps = kiCurWidth; pCtx->iMaxHeightInSps = kiCurHeight; }