]> git.sesse.net Git - ffmpeg/blobdiff - libavcodec/h264_ps.c
projects / ffmpeg / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
aacdec: Factorize if (elem_type < TYPE_DSE).
[ffmpeg] / libavcodec / h264_ps.c
diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c
index 423ffe8a7184c0788874c300b767605d8ff45905..7648e2c7a60a3fee7abdc60ea069cf20215c4136 100644 (file)
--- a/libavcodec/h264_ps.c
+++ b/libavcodec/h264_ps.c
@@ -20,7 +20,7 @@
  */
 
 /**
- * @file libavcodec/h264_ps.c
+ * @file
  * H.264 / AVC / MPEG4 part10 parameter set decoding.
  * @author Michael Niedermayer <michaelni@gmx.at>
  */
@@ -176,7 +176,7 @@ static inline int decode_vui_parameters(H264Context *h, SPS *sps){
     if(sps->timing_info_present_flag){
         sps->num_units_in_tick = get_bits_long(&s->gb, 32);
         sps->time_scale = get_bits_long(&s->gb, 32);
-        if(sps->num_units_in_tick-1 > 0x7FFFFFFEU || sps->time_scale-1 > 0x7FFFFFFEU){
+        if(!sps->num_units_in_tick || !sps->time_scale){
             av_log(h->s.avctx, AV_LOG_ERROR, "time_scale/num_units_in_tick invalid or unsupported (%d/%d)\n", sps->time_scale, sps->num_units_in_tick);
             return -1;
         }
@@ -205,6 +205,12 @@ static inline int decode_vui_parameters(H264Context *h, SPS *sps){
         sps->num_reorder_frames= get_ue_golomb(&s->gb);
         get_ue_golomb(&s->gb); /*max_dec_frame_buffering*/
 
+        if(s->gb.size_in_bits < get_bits_count(&s->gb)){
+            av_log(h->s.avctx, AV_LOG_ERROR, "Overread VUI by %d bits\n", get_bits_count(&s->gb) - s->gb.size_in_bits);
+            sps->num_reorder_frames=0;
+            sps->bitstream_restriction_flag= 0;
+        }
+
         if(sps->num_reorder_frames > 16U /*max_dec_frame_buffering || max_dec_frame_buffering > 16*/){
             av_log(h->s.avctx, AV_LOG_ERROR, "illegal num_reorder_frames %d\n", sps->num_reorder_frames);
             return -1;
@@ -347,6 +353,10 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){
         sps->mb_aff= 0;
 
     sps->direct_8x8_inference_flag= get_bits1(&s->gb);
+    if(!sps->frame_mbs_only_flag && !sps->direct_8x8_inference_flag){
+        av_log(h->s.avctx, AV_LOG_ERROR, "This stream was generated by a broken encoder, invalid 8x8 inference\n");
+        goto fail;
+    }
 
 #ifndef ALLOW_INTERLACE
     if(sps->mb_aff)
Unnamed repository; edit this file 'description' to name the repository.