Commit 8d9fd581 authored by Jeff Downs's avatar Jeff Downs Committed by Michael Niedermayer

h264: Fix maximum reference count check for non-b frames

Below fixes the maximum reference count check for second reference list in
non-B frames.  There is nothing to prohibit full (field sized) reference
list in this case as far as I can tell, and this fixes several syntax-test
files here (this is a regression caused when this check was made more
stringent by
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=dc9ce40069bde3d28f8d0b3e5bd733ae255fecb5)

Probably a silly corner case seldom seen irl, but thought I'd pass along
in case there was interest in correcting the check.

---------------

h264: Fix maximum reference count check for non-b frames; full range is
technically ok
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 8069db86
......@@ -3383,7 +3383,8 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
h->ref_count[1] = h->pps.ref_count[1];
if (h->slice_type_nos != AV_PICTURE_TYPE_I) {
unsigned max = s->picture_structure == PICT_FRAME ? 15 : 31;
unsigned max[2];
max[0] = max[1] = s->picture_structure == PICT_FRAME ? 15 : 31;
if (h->slice_type_nos == AV_PICTURE_TYPE_B)
h->direct_spatial_mv_pred = get_bits1(&s->gb);
......@@ -3393,10 +3394,13 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
h->ref_count[0] = get_ue_golomb(&s->gb) + 1;
if (h->slice_type_nos == AV_PICTURE_TYPE_B)
h->ref_count[1] = get_ue_golomb(&s->gb) + 1;
else
// full range is spec-ok in this case, even for frames
max[1] = 31;
}
if (h->ref_count[0]-1 > max || h->ref_count[1]-1 > max){
av_log(h->s.avctx, AV_LOG_ERROR, "reference overflow\n");
if (h->ref_count[0]-1 > max[0] || h->ref_count[1]-1 > max[1]){
av_log(h->s.avctx, AV_LOG_ERROR, "reference overflow %u > %u or %u > %u\n", h->ref_count[0]-1, max[0], h->ref_count[1]-1, max[1]);
h->ref_count[0] = h->ref_count[1] = 1;
return AVERROR_INVALIDDATA;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment