From: Anton Khirnov <anton@khirnov.net>
Date: Wed, 18 May 2016 08:04:44 +0000 (+0200)
Subject: h264: tighten the valid range for ref_frame_count
X-Git-Url: https://git.sesse.net/?a=commitdiff_plain;h=70b1dcef2d859ae6b3e21d61de928c3dd0cf1aa4;p=ffmpeg

h264: tighten the valid range for ref_frame_count

This field (which the spec calls max_num_ref_frames) must be less than
or equal to MaxDpbFrames, which is at most 16.
---

diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c
index 46457a89d5f..4a56c738bff 100644
--- a/libavcodec/h264_ps.c
+++ b/libavcodec/h264_ps.c
@@ -431,8 +431,7 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx,
     }
 
     sps->ref_frame_count = get_ue_golomb_31(gb);
-    if (sps->ref_frame_count > H264_MAX_PICTURE_COUNT - 2 ||
-        sps->ref_frame_count >= 32U) {
+    if (sps->ref_frame_count > MAX_DELAYED_PIC_COUNT) {
         av_log(avctx, AV_LOG_ERROR,
                "too many reference frames %d\n", sps->ref_frame_count);
         goto fail;