diff options
author | Harish Mahendrakar <harish.mahendrakar@ittiam.com> | 2017-01-16 17:10:07 +0530 |
---|---|---|
committer | gitbuildkicker <android-build@google.com> | 2017-01-23 11:17:36 -0800 |
commit | b2989298f407612778efd462bee52ab254c47071 (patch) | |
tree | 8de44ebbeeb30e272ce3b8c2c45673b40a4a0601 | |
parent | 9028bdf1df076ba54e48cb868f89545ee024a8b0 (diff) | |
download | libavc-b2989298f407612778efd462bee52ab254c47071.tar.gz |
Decoder: Fix in checking first_mb_in_slice
Also, increment slice header only if previous slice had atleast one MB
This is to ensure there is no out of bound read for streams with 1 MB, and
due to error 2 slices were being accessed.
Bug: 33982658
Change-Id: I5f1918c09e922ca39f495f6059dfea3fa1d49448
(cherry picked from commit ef27433ca86c4084f0cff3e284f9e799c3fdfbec)
-rw-r--r-- | decoder/ih264d_parse_pslice.c | 14 | ||||
-rw-r--r-- | decoder/ih264d_parse_slice.c | 3 |
2 files changed, 10 insertions, 7 deletions
diff --git a/decoder/ih264d_parse_pslice.c b/decoder/ih264d_parse_pslice.c index 9d4e687..efb94ad 100644 --- a/decoder/ih264d_parse_pslice.c +++ b/decoder/ih264d_parse_pslice.c @@ -1661,11 +1661,15 @@ WORD32 ih264d_mark_err_slice_skip(dec_struct_t * ps_dec, return 0; } - // Inserting new slice - ps_dec->u2_cur_slice_num++; - ps_dec->i2_prev_slice_mbx = ps_dec->u2_mbx; - ps_dec->i2_prev_slice_mby = ps_dec->u2_mby; - ps_dec->ps_parse_cur_slice++; + /* Inserting new slice only if the current slice has atleast 1 MB*/ + if(ps_dec->ps_parse_cur_slice->u4_first_mb_in_slice < + (UWORD32)(ps_dec->u2_total_mbs_coded >> ps_slice->u1_mbaff_frame_flag)) + { + ps_dec->i2_prev_slice_mbx = ps_dec->u2_mbx; + ps_dec->i2_prev_slice_mby = ps_dec->u2_mby; + ps_dec->u2_cur_slice_num++; + ps_dec->ps_parse_cur_slice++; + } } else diff --git a/decoder/ih264d_parse_slice.c b/decoder/ih264d_parse_slice.c index 80603c2..11a317b 100644 --- a/decoder/ih264d_parse_slice.c +++ b/decoder/ih264d_parse_slice.c @@ -1056,8 +1056,7 @@ WORD32 ih264d_parse_decode_slice(UWORD8 u1_is_idr_slice, /*we currently don not support ASO*/ if(((u2_first_mb_in_slice << ps_cur_slice->u1_mbaff_frame_flag) - <= ps_dec->u2_cur_mb_addr) && (ps_dec->u2_cur_mb_addr != 0) - && (ps_dec->u4_first_slice_in_pic != 0)) + <= ps_dec->u2_cur_mb_addr) && (ps_dec->u4_first_slice_in_pic == 0)) { return ERROR_CORRUPTED_SLICE; } |