h264: correct ref count check and limit, fix out of array accesses.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

h264: correct ref count check and limit, fix out of array accesses.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
d6c18488 · Michael Niedermayer · 2d5f1add · d6c18488
Commit d6c18488 authored Nov 18, 2012 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

h264.c libavcodec/h264.c +1 -1

No files found.
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -2935,7 +2935,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0)
                h->ref_count[1] = get_ue_golomb(&s->gb) + 1;
            else
                // full range is spec-ok in this case, even for frames
-                max[1] = 31;
+                h->ref_count[1] = 1;
        }

        if (h->ref_count[0]-1 > max[0] || h->ref_count[1]-1 > max[1]){