Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / b48b7b4109868a8c0ddda090992e936e821c7ea6 / . / import-layers / meta-openembedded / meta-multimedia / recipes-multimedia / gstreamer-0.10 / gst-ffmpeg-0.10.13 / 0001-h264-correct-ref-count-check-and-limit-fix-out-of-ar.patch
blob: d4f55b2696de36c94ba58fc44d9f1ef93640a47b [file] [log] [blame]
From d6c184880ee2e09fd68c0ae217173832cee5afc1 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sun, 18 Nov 2012 16:29:04 +0100
Subject: [PATCH] h264: correct ref count check and limit, fix out of array
accesses.
Upstream-Status: Backport
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
libavcodec/h264.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index da43f1e..32cede5 100644
--- a/gst-libs/ext/libav/libavcodec/h264.c
+++ b/gst-libs/ext/libav/libavcodec/h264.c
@@ -2870,6 +2870,9 @@ static int decode_slice_header(H264Conte
h->ref_count[0]= get_ue_golomb(&s->gb) + 1;
if(h->slice_type_nos==AV_PICTURE_TYPE_B)
h->ref_count[1]= get_ue_golomb(&s->gb) + 1;
+ else
+ // full range is spec-ok in this case, even for frames
+ h->ref_count[1] = 1;
if(h->ref_count[0]-1 > 32-1 || h->ref_count[1]-1 > 32-1){
av_log(h->s.avctx, AV_LOG_ERROR, "reference overflow\n");
--