[FFmpeg-devel] [PATCH 2/3] h264: straighten dimensions check
Benoit Fouet
benoit.fouet at free.fr
Mon Jun 27 14:39:19 CEST 2016
-------------- next part --------------
From 91b000bf2e0b01695803c5ef98cfb06590f5f409 Mon Sep 17 00:00:00 2001
From: Benoit Fouet <benoit.fouet at free.fr>
Date: Mon, 27 Jun 2016 13:31:21 +0200
Subject: [PATCH 2/3] h264: straighten dimensions check
ff_h264_decode_seq_parameter_set
The MBS only flag was not taken into account when checking macroblock dimensions.
Also removes the unneeded check in init_dimensions for slices.
---
libavcodec/h264_ps.c | 15 ++++++++-------
libavcodec/h264_slice.c | 17 -----------------
2 files changed, 8 insertions(+), 24 deletions(-)
diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c
index 5d4ddea..0a97649 100644
--- a/libavcodec/h264_ps.c
+++ b/libavcodec/h264_ps.c
@@ -463,13 +463,6 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx,
sps->gaps_in_frame_num_allowed_flag = get_bits1(gb);
sps->mb_width = get_ue_golomb(gb) + 1;
sps->mb_height = get_ue_golomb(gb) + 1;
- if ((unsigned)sps->mb_width >= INT_MAX / 16 ||
- (unsigned)sps->mb_height >= INT_MAX / 16 ||
- av_image_check_size(16 * sps->mb_width,
- 16 * sps->mb_height, 0, avctx)) {
- av_log(avctx, AV_LOG_ERROR, "mb_width/height overflow\n");
- goto fail;
- }
sps->frame_mbs_only_flag = get_bits1(gb);
if (!sps->frame_mbs_only_flag)
@@ -477,6 +470,14 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx,
else
sps->mb_aff = 0;
+ if ((unsigned)sps->mb_width >= INT_MAX / 16 ||
+ (unsigned)sps->mb_height >= INT_MAX / (16 * (2 - sps->frame_mbs_only_flag)) ||
+ av_image_check_size(16 * sps->mb_width,
+ 16 * sps->mb_height * (2 - sps->frame_mbs_only_flag), 0, avctx)) {
+ av_log(avctx, AV_LOG_ERROR, "mb_width/height overflow\n");
+ goto fail;
+ }
+
sps->direct_8x8_inference_flag = get_bits1(gb);
#ifndef ALLOW_INTERLACE
diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index 474400b..a470da6 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -889,23 +889,6 @@ static int init_dimensions(H264Context *h)
height = h->avctx->height;
}
- if (width <= 0 || height <= 0) {
- av_log(h->avctx, AV_LOG_ERROR, "Invalid cropped dimensions: %dx%d.\n",
- width, height);
- if (h->avctx->err_recognition & AV_EF_EXPLODE)
- return AVERROR_INVALIDDATA;
-
- av_log(h->avctx, AV_LOG_WARNING, "Ignoring cropping information.\n");
- sps->crop_bottom =
- sps->crop_top =
- sps->crop_right =
- sps->crop_left =
- sps->crop = 0;
-
- width = h->width;
- height = h->height;
- }
-
h->avctx->coded_width = h->width;
h->avctx->coded_height = h->height;
h->avctx->width = width;
--
2.9.0.37.g6d523a3
More information about the ffmpeg-devel
mailing list