diff options
| author | android-build-team Robot <android-build-team-robot@google.com> | 2019-06-01 23:08:27 +0000 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-06-01 23:08:27 +0000 |
| commit | c0748eed793619fd6478af214b981fc357bb3d9a (patch) | |
| tree | 582e35304eb40fbe2453197d7a4718861eff2f44 | |
| parent | 6c2adfb7362e7d70a392257059f2881e75d318e9 (diff) | |
| parent | 6db97fcc8dcc1f7839b48fe92f40523ad6e9ea07 (diff) | |
| download | libavc-android10-s2-release.tar.gz | |
Snap for 5626731 from 6db97fcc8dcc1f7839b48fe92f40523ad6e9ea07 to qt-releaseandroid-vts-10.0_r9android-vts-10.0_r8android-vts-10.0_r7android-vts-10.0_r6android-vts-10.0_r5android-vts-10.0_r4android-vts-10.0_r3android-vts-10.0_r2android-vts-10.0_r16android-vts-10.0_r15android-vts-10.0_r14android-vts-10.0_r13android-vts-10.0_r12android-vts-10.0_r11android-vts-10.0_r10android-vts-10.0_r1android-cts-10.0_r9android-cts-10.0_r8android-cts-10.0_r7android-cts-10.0_r6android-cts-10.0_r5android-cts-10.0_r4android-cts-10.0_r3android-cts-10.0_r2android-cts-10.0_r16android-cts-10.0_r15android-cts-10.0_r14android-cts-10.0_r13android-cts-10.0_r12android-cts-10.0_r11android-cts-10.0_r10android-cts-10.0_r1android-10.0.0_r6android-10.0.0_r5android-10.0.0_r4android-10.0.0_r3android-10.0.0_r2android-10.0.0_r17android-10.0.0_r11android-10.0.0_r10android-10.0.0_r1android10-tests-releaseandroid10-s3-releaseandroid10-s2-releaseandroid10-s1-releaseandroid10-release
Change-Id: I2469950bf26cc3986bc60e45e45cb5340c5b6993
| -rw-r--r-- | decoder/ih264d_defs.h | 5 | ||||
| -rw-r--r-- | decoder/ih264d_error_handler.h | 3 | ||||
| -rw-r--r-- | decoder/ih264d_utils.c | 38 |
3 files changed, 39 insertions, 7 deletions
diff --git a/decoder/ih264d_defs.h b/decoder/ih264d_defs.h index ec3f2af..94d0d61 100644 --- a/decoder/ih264d_defs.h +++ b/decoder/ih264d_defs.h @@ -34,6 +34,8 @@ * ************************************************************************ */ +#include <stdint.h> + #define H264_MAX_FRAME_WIDTH 4080 #define H264_MAX_FRAME_HEIGHT 4080 #define H264_MAX_FRAME_SIZE (4096 * 2048) @@ -47,6 +49,9 @@ #define CHECKBIT(a,i) ((a) & (1 << i)) #define CLEARBIT(a,i) ((a) &= ~(1 << i)) +/** Macro to check if a number lies in the valid integer range */ +#define IS_OUT_OF_RANGE_S32(a) (((a) < INT32_MIN) || ((a) > INT32_MAX)) + /** Macro to convert a integer to a boolean value */ #define BOOLEAN(x) (!!(x)) diff --git a/decoder/ih264d_error_handler.h b/decoder/ih264d_error_handler.h index 586fe8a..a3764c6 100644 --- a/decoder/ih264d_error_handler.h +++ b/decoder/ih264d_error_handler.h @@ -113,7 +113,8 @@ typedef enum ERROR_IN_LAST_SLICE_OF_PIC = 0x93, ERROR_NEW_FRAME_EXPECTED = 0x94, ERROR_INCOMPLETE_FRAME = 0x95, - ERROR_VUI_PARAMS_NOT_FOUND = 0x96 + ERROR_VUI_PARAMS_NOT_FOUND = 0x96, + ERROR_INV_POC = 0x97 } h264_decoder_error_code_t; diff --git a/decoder/ih264d_utils.c b/decoder/ih264d_utils.c index 49b9c08..0381763 100644 --- a/decoder/ih264d_utils.c +++ b/decoder/ih264d_utils.c @@ -313,36 +313,62 @@ WORD32 ih264d_decode_pic_order_cnt(UWORD8 u1_is_idr_slice, + ps_seq->i4_ofst_for_ref_frame[i]; } - expected_poc =(WORD32)CLIP_S32(i8_result); + if(IS_OUT_OF_RANGE_S32(i8_result)) + return ERROR_INV_POC; + + expected_poc = (WORD32)i8_result; + } else expected_poc = 0; if(u1_nal_ref_idc == 0) { - expected_poc = expected_poc + i8_result = expected_poc + ps_seq->i4_ofst_for_non_ref_pic; + + if(IS_OUT_OF_RANGE_S32(i8_result)) + return ERROR_INV_POC; + + expected_poc = (WORD32)i8_result; } /* 6. TopFieldOrderCnt or BottomFieldOrderCnt are derived as */ if(!u1_field_pic_flag) { - i4_top_field_order_cnt = expected_poc + i8_result = expected_poc + ps_cur_poc->i4_delta_pic_order_cnt[0]; - i4_bottom_field_order_cnt = i4_top_field_order_cnt + + if(IS_OUT_OF_RANGE_S32(i8_result)) + return ERROR_INV_POC; + i4_top_field_order_cnt = (WORD32)i8_result; + + i8_result = i4_top_field_order_cnt + ps_seq->i4_ofst_for_top_to_bottom_field + ps_cur_poc->i4_delta_pic_order_cnt[1]; + + if(IS_OUT_OF_RANGE_S32(i8_result)) + return ERROR_INV_POC; + i4_bottom_field_order_cnt = (WORD32)i8_result; } else if(!u1_bottom_field_flag) { - i4_top_field_order_cnt = expected_poc + i8_result = expected_poc + ps_cur_poc->i4_delta_pic_order_cnt[0]; + + if(IS_OUT_OF_RANGE_S32(i8_result)) + return ERROR_INV_POC; + i4_top_field_order_cnt = (WORD32)i8_result; } else { - i4_bottom_field_order_cnt = expected_poc + i8_result = expected_poc + ps_seq->i4_ofst_for_top_to_bottom_field + ps_cur_poc->i4_delta_pic_order_cnt[0]; + + if(IS_OUT_OF_RANGE_S32(i8_result)) + return ERROR_INV_POC; + i4_bottom_field_order_cnt = (WORD32)i8_result; } /* Copy the current POC info into Previous POC structure */ ps_cur_poc->i4_prev_frame_num_ofst = frame_num_ofst; |